We would like to encourage you to authenticate via SASL, so you will already be authenticated before your client tries to join channels, which results in a smoother connection setup.
- password based (easy)
- certificate based (moderately difficult)
- SASL ECDSA-NIST256P-CHALLENGE (atheme-specific)
- SASL EXTERNAL
To enroll the fingerprint of the certificate you are currently connected with, call:
/msg NickServ cert add
Presenting the client certificate on connect will subsequently authenticate you against services.
We're currently using SHA256 fingerprints for SASL EXTERNAL and CertFP.
If you are planning to use ECDSA-NIST256P-CHALLENGE, generate a key and store its public key within the services. During the connection phase, a challenge-based authentication will happen.
$ openssl ecparam -genkey -name prime256v1 -out ecdsa.pem
$ openssl ec -noout -text -conv_form compressed -in ecdsa.pem | grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | xxd -r -p | base64
/msg NickServ set property pubkey <pubkey>
/set irc.server.hackint.sasl_username <account>
/set irc.server.hackint.sasl_key </path/to/ecdsa.pem>
/set irc.server.hackint.sasl_mechanism ecdsa-nist256p-challenge
Other ways to connect exist that use transports; check the menu for those.