Skip to content

Automatically authenticating to NickServ

Eric Mertens edited this page Feb 1, 2019 · 3 revisions

This article is targeted at connecting to Freenode, but the concepts should translate to other servers.

SASL: Username and Password (PLAIN)

To authenticate to NickServ during the connection process you can specify your username and password in your configuration file as part of the server setting.

Required configuration: sasl-username: <username>, sasl-password: <password>

  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "mynick"
    sasl-username  : "myaccount"
    sasl-password  : "mypassword"

SASL: Username and ECDSA key (ECDSA-NIST256P-CHALLENGE)

Freenode also supports authentication using a public/private key pair using ECDSA-NIST256p-CHALLENGE. To configure this you'll need ecdsatool.

Assign your public key to NickServ

/msg NickServ SET PUBKEY <THEPUBLICKEY>

Update your configuration file. Remember that relative paths are relative to the configuration file.

Required configuration: sasl-username: <username>, sasl-ecdsa-key: <filepath>

  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "myaccount"
    sasl-username  : "myaccount"
    sasl-ecdsa-key : "path/to/key.pem"

SASL: TLS Client Certificate (EXTERNAL)

You can authenticate to NickServ via the TLS layer using TLS client certificates. The process is documented in the CertFP article on Freenode.

Required configuration: tls: yes, sasl-username: <username>, tls-client-cert: <filepath>

/msg NickServ CERT ADD <CERTIFICATEFINGERPRINT>
  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "mynick"
    sasl-username  : "myaccount"
    tls            : yes
    tls-client-cert: "path/to/cert.pem"
    tis-client-key : "path/to/key.pem"   -- optional if key is stored in cert file
You can’t perform that action at this time.