Authentication

UnrealIRCd allows users to authenticate to services before they are online. This also means you can require authentication so unauthenticated users cannot enter the server. This can be done selectively (eg: only certain IP addresses, only TOR proxy users, etc.) or simply for everyone (if you want a closed chat server).

NOTE: Most of this page documents features in UnrealIRCd 4.2.1 and later, that are not available in older versions.

How it looks like
If the authprompt module is loaded then when a user connects it looks like this: [11:56:08] -server.test.net- The server requires clients from this IP address to authenticate with a registered nickname and password. [11:56:08] -server.test.net- Please reconnect using SASL, or authenticate now by typing: /AUTH nick:password [11:56:08] -server.test.net- If you don't have a registered account then go to https://example.org/ If the user has a services account on the network (s)he can then configure SASL in their IRC client, or they can simply type

How to setup
To use authentication you need to run a Services package, such as anope, and enable SASL on the server (and in services).

If you are going to use authentication as a way of trust, then you should also pay special attention to your services package features to counter abuse. It is highly recommended to have features enabled such as registration delay, email verification, and so on. Consult your services documentation for details.

You may also want to read about the various options that are available to you, see below.

Who needs to authenticate?
The server admin can decide and has a number of options available:

Only certain IPs/hosts
If an ISP has a lot of troublemakers then you can require users on  to authenticate. This can be done with a Require authentication block which allows to specify an hostmask.

For everyone
If you want a closed chat server with only authenticated users then you can use the previously mentioned Require authentication block with a mask of

Dynamically on IRC
You can use soft-klines and soft-glines. These are prefixed with a percent sign. For example: /GLINE %*@*.nl 0 I hate Dutch people This will require authentication for all users matching the *.nl mask.

Blacklisted users
This allows you to require authentication for TOR and (other) proxy users, for example.

First you configure the blacklist module to check an appropriate DNSBL. Then, in the blacklist block, you use an action such as soft-kill, soft-kline and soft-gline.