SASL script for the Eggdrop IRC bot
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE add license and standard headers, clarify dependencies Jan 8, 2019 invent the term 'SCRAM token' Jan 10, 2019
g_atheme_need.tcl relicense under MIT Expat Jun 16, 2015
g_base64.tcl relicense under MIT Expat Jun 16, 2015
g_cap.tcl cosmetic rename $sasl-use-mechs to $sasl-mechanism Jan 9, 2019
g_pbkdf2.tcl add license and standard headers, clarify dependencies Jan 8, 2019
g_scram.tcl add a knob to disable automatic eggdrop.conf edits Jan 10, 2019

Eggdrop 1.8 SASL script:

  1. For convenience, download this entire repository with git clone

  2. Get Eggdrop 1.8 from Git or from CVS. Compile and install.

    The preinit-server patch was merged into Eggdrop 1.8 recently, so you do not need to patch it manually anymore.

  3. From your Eggdrop config, source the scripts and set the SASL information.

    source "scripts/eggdrop-sasl/g_base64.tcl"
    source "scripts/eggdrop-sasl/g_cap.tcl"
    set sasl-user "NoobBot"
    set sasl-pass "blahblah"

(For those who still need it, the patch for 1.6.x is still there.)

SCRAM-SHA support

  1. To enable support for SCRAM-SHA-1 or SCRAM-SHA-256, first ensure tcllib is installed, then load two additional scripts:

    source "scripts/eggdrop-sasl/g_pbkdf2.tcl"
    source "scripts/eggdrop-sasl/g_scram.tcl"
    set sasl-mechanism "SCRAM-SHA-256"
  2. Connect to the server. Note that the first connection attempt will need to generate the authentication token using PBKDFv2, which is very slow in Tcl so the server may time out. Just wait for Eggdrop to retry, and the second attempt should work fine.

  3. To improve security and to avoid the initial connection delay, you should remove the plaintext password from your eggdrop.conf and replace it with the generated token.

    You can find this token in your Eggdrop logs, or by running .tcl set sasl-pass on the console after a successful connection. The token will look like this:

    set sasl-pass "scram:a=sha256,s=<etc>,i=<etc>,H=<etc>"

    Note: The script will try to automatically add the token to your config, (although it won't remove the plaintext password – you'll have to do that manually).

Atheme auto-reop script:

  1. From your Eggdrop config, source the g_atheme_need.tcl script.

  2. Add a user named services to your bot, with ChanServ's hostmask, and give it the +fS flags.

    .+user services *!*
    .chattr services +fS

    Otherwise the bot can think it's being notice-flooded by ChanServ and ignore it.