bnc icon indicating copy to clipboard operation
bnc copied to clipboard

Published 20 hours ago verified publisher icon goshuirc

Authenticating to the bouncer

Open DanielOaks opened this issue 7 years ago • 0 comments

So there are two sides of authentication, clients connecting into the bouncer, and then the bouncer authenticating to networks.

This issue roughly goes over the ways clients should be able to authenticate their account (and which network they want to connect to) to the bouncer.

  1. Server connection password (PASS) of username/network:password - mimics ZNC.
  2. USER of username/network and server connection password (PASS) of the account password - mimics ZNC.
  3. SASL PLAIN for the account login, have just the network name in USER.
  4. SASL CERTFP to auth to the account, having just the network name in USER.

We currently support 1, adding 2 for compatibility with ZNC makes sense. 3 seems pretty obvious and shouldn't be too difficult for me to implement.

4 is a bit weird, but I think doing auth with TLS client certs makes sense to look at some point a fair ways down the road.

DanielOaks avatar Aug 20 '17 06:08 DanielOaks