SASL

What's SASL and how it works?
Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL.

What are the advantages of authentication?

You can hide your IP address by assigning a cloaked hostname.
You will not be scanned by our drone scanner.
You can connect to servers which allow SASL authenticated users.

Which IRC servers support SASL?

dev.ircnet.ca

Registration

Support

How to configure your SASL account?

Create a cloaked hostname on the hostnames page.
(Skip these steps if you do not have your own domain or you want to use the preconfigured cloaked provided)
- Click the "add hostname" button.
- Fill out the "hostname" field with the (sub)domain you want to use for the cloak.
  (this should be a name without an existing A/AAAA record)
- Click the "add" button. Your newly created cloaked hostname should now be listed as "not verified".
- Click the "edit" button for your newly created hostname.
- Add the required TXT record to your DNS configuration.
- You can click the "verify now" button to check if the TXT record is active, but it may take a while for the update to take effect depending on the DNS server configuration.
- Do not remove the TXT record after verification as we check it periodically
Create a credential on credentials page.
- Click the "create credential" button.
- Select "PLAIN" in the "Mechanism" drop-down list.
- Select the hostname for this cloak from in the "hostname" drop-down list.
- (Optional) Fill in the IP or CIDR subnet you connect to IRC from in the "IP address/subnet" field, if you want to restrict the credentials to this source address.
- Fill in the password with your own choice in the "password" field. The password is case-sensitive.
- Click the "Create" button. It can take 10 minutes until the service has synchronized.
Configure your IRC client to connect to one of our IRC servers (description below).
You should now be able to connect with the cloak.
- Read the MOTD carefully after connecting.
- Remember the cloaks are personal. Do not share them with others, have them sign up for their own account instead.
- Your account may be blocked if you break the rules.

If you have any questions or need help, please join #ircnet.

How to configure SASL on IRC client?

Configure SASL for ZNC

/query *status loadmod sasl

/msg *sasl mechanism PLAIN

/msg *sasl set <loginId> <password>

/query *status jump

/squery saslservice status

Configure SASL for mIRC

Step-by-step instructions:

In the File menu, click Select Server.
In the Connect -> Servers section of the mIRC Options window, add a IRCnet server (ex. address: dev.ircnet.ca - Port: 6667).
In the Login Method dropdown, select SASL (/CAP).
In the second Password box at the bottom of the window, enter your login ID, then a colon, then your Credential password (ex. loginID:password)
Click the OK button

Configure SASL for Irssi

/network add -sasl_username <loginId> -sasl_password <password> -sasl_mechanism PLAIN ircnet

/server add -net ircnet dev.ircnet.ca 6667

Configure SASL for WeeChat

It is possible to connect via SASL in two ways.

PLAIN Mechanism:

/server add ircnet dev.ircnet.ca/6667 -notls

/set irc.server.ircnet.sasl_mechanism plain

/set irc.server.ircnet.sasl_username <loginId>

/set irc.server.ircnet.sasl_password <password>

/save

/connect ircnet

ECDSA-NIST256P-CHALLENGE Mechanism:

In your Linux shell:

Generate a key:
openssl ecparam -genkey -name prime256v1 -out ~/.weechat/ecdsa.pem
Get public key as base64:
openssl ec -noout -text -conv_form compressed -in ~/.weechat/ecdsa.pem | grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | xxd -r -p | base64
(You wil get key e.g. AoxWi1Phgumvf+hFRE91Q60tlcy8oa+IswYoEBjXoEar - SAVE IT!)
Go to https://sasl.ircnet.com/account/
• Create a credential
• Login ID: leave it the same
• Choose mechanism: ECDSA-NIST256P-CHALLENGE
• Public key: paste the key received in the second step

In WeeChat:

/server add ircnet dev.ircnet.ca/6667

/set irc.server.ircnet.sasl_mechanism ecdsa-nist256p-challenge

/set irc.server.ircnet.sasl_username <loginId>

/set irc.server.ircnet.sasl_key "%h/ecdsa.pem"

/connect ircnet

This method is much safer, we recommend it!

Configure SASL for AdiIRC

SASL support is Built into the new Serverlist and into the /server command as of 1.9.9.

To enable SASL in the Serverlist:

Set the Login Method to "SASL (username + password)".
Set the "Username" to your login ID.
Set the "Password" to your password.

Configure SASL for HexChat

Step-by-step instructions:

Open the Network List (Ctrl + S)
Click Add and type IRCnet, then hit enter and click on Edit.
Replace the string newserver/6667 with dev.ircnet.ca/+6697
In the User name field, enter your login ID.
Select SASL (username + password) for the Login method field.
In the Password field, enter your password.

If everything was configured correctly, you should see a SASL authentication successful message when you connect.