invent the term 'SCRAM token'

Talking about PBKDFv2 hashes might confuse the user into thinking that they can just generate their own hash using any parameters, which will not work. (The parameters must be server-provided.) Users might be already familiar with e.g. OAuth tokens or API tokens, and the SCRAM hash is similar in how it behaves.
grawity · Jan 10, 2019 · bbd55ff · bbd55ff
1 parent 5d159f7
commit bbd55ff
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -29,14 +29,27 @@
     set sasl-mechanism "SCRAM-SHA-256"
     ```
 
- 4. Connect to the server. Note that PBKDF2-SHA is *very slow* in Tcl, and the first connection attempt may time out. Wait for Eggdrop to retry; the second attempt should work fine.
+ 4. Connect to the server. Note that the first connection attempt will need to
+    generate the authentication token using PBKDFv2, which is *very slow* in
+    Tcl so the server may time out. Just wait for Eggdrop to retry, and the
+    second attempt should work fine.
 
- 5. To improve security and to avoid the initial connection delay, you should remove the plaintext password from your _eggdrop.conf_ and replace it with the PBKDFv2 hash using server-supplied parameters. The script will automatically show the recommended hash to put in the `sasl-pass` field.
+ 5. To improve security and to avoid the initial connection delay, you should
+    remove the plaintext password from your _eggdrop.conf_ and replace it with
+    the generated token.
+
+    You can find this token in your Eggdrop logs, or by running `.tcl set
+    sasl-pass` on the console after a successful connection. The token will
+    look like this:
 
     ```tcl
     set sasl-pass "scram:a=sha256,s=<etc>,i=<etc>,H=<etc>"
     ```
 
+    Note: The script will try to automatically add the token to your config,
+    (although it won't remove the plaintext password – you'll have to do that
+    manually).
+
 ## Atheme auto-reop script:
 
  1. From your Eggdrop config, `source` the **g_atheme_need.tcl** script.

diff --git a/g_scram.tcl b/g_scram.tcl
@@ -45,7 +45,7 @@ proc scram:xorbuf {a b} {
 }
 
 proc scram:upgrade-config {pass} {
-	putlog "You should set sasl-pass to: \"$pass\""
+	putlog "SCRAM: You should now change sasl-pass to this token: \"$pass\""
 	global config
 	catch {
 		putlog "SCRAM: Automatically storing password hash in $config"