Authentication

UnrealIRCd allows users to authenticate to services before they are online. Normally this is optional, but you can also require authentication so unauthenticated users cannot enter the server. This can be done selectively (eg: only certain IP addresses, only TOR proxy users, etc.) or simply for everyone (if you want a closed chat server).

How it looks like
When the authprompt module is loaded (the default in UnrealIRCd 5) and the user must authenticate, then it will look like this: [11:56:08] -server.test.net- The server requires clients from this IP address to authenticate with a registered nickname and password. [11:56:08] -server.test.net- Please reconnect using SASL, or authenticate now by typing: /AUTH nick:password [11:56:08] -server.test.net- If you don't have a registered account then go to https://example.org/ The user can then configure SASL in their IRC client, or they can simply type

How to setup
To use authentication you need to run a Services package, such as anope, and enable SASL on the server (and in services).

If you are going to use authentication as a way of trust, then you should also pay special attention to your services package features to counter abuse. It is highly recommended to have features enabled such as registration delay, email verification, and so on. Consult your services documentation for details.

Once set up, you may want to enable and configure the authprompt module.

Finally, you configure in UnrealIRCd when people need to authenticate, see below.

Who needs to authenticate?
The server admin can decide and has a number of options available:

Only certain IPs/hosts
If an ISP has a lot of troublemakers then you can require users on  to authenticate. This can be done with a Require authentication block which allows to specify an hostmask. require authentication { mask *@*.isp.tld; reason "Many troublemakers from this internet provider. Please authenticate."; };

Everyone
If you want a closed chat server with only authenticated users then you can use the previously mentioned Require authentication block with a mask of

Dynamically on IRC
You can use soft-klines and soft-glines. These are prefixed with a percent sign. For example: /GLINE %*@*.nl 0 I hate Dutch people This will require authentication for all users matching the *.nl mask.

Blacklisted users
This allows you to require authentication for TOR and (other) proxy users, for example.

First you configure the blacklist module to check an appropriate DNSBL. Then, in the blacklist block, you use an action such as soft-kill, soft-kline and soft-gline.