Require authentication block

The require authentication block allows you to specify IP/hosts of users that need to authenticate to a valid services account during connecting. This could, for example, be used to ban an ISP that is known for troublemakers, while still allowing legit users in from that IP if they have a valid account. Or, it can be used to simply require authentication for all users.

Authentication by the user is done either by using SASL (the recommended method) or via authprompt that will ask non-SASL users to authenticate interactively by typing.

Syntax
require authentication { mask ; reason ; };

The mask is a Mask item and the reason is the reason for the requirement. The reason is shown when the user is trying to connect without authentication.

Note that require authentication blocks configures a local requirement. The user may still connect to other servers on the network.

Simple example
require authentication { mask *@*.tld; reason "Too many abusers from this country, please authenticate"; };

Require all except
There is the Except ban block to exempt users from all bans, but you can't really use it for broad exemptions like countries, since then you would no longer be able to ban users from such a country.

You can, however, use a require authentication { } block with a mask::exclude-* item, to "require authentication to all, except..": require authentication { mask { mask *; exclude-country { NL; DE; FR; } }	reason "Unregistered users are not allowed from your country"; } NOTE:
 * Requiring authentication for (or banning on) countries is not particularly nice. If you allow multiple countries then the countermeasure is likely not effective at all.

Similar functionality
The same can be achieved online (on IRC) by adding a "soft kline": /KLINE %*@*.tld Too many abusers from this country, please authenticate The % prefix (percent symbol) will make it only ban unauthenticated users.

See also the Authentication article for all the different ways and possibilities to force authentication.