Authentication types/fr

At various places in the configuration file, for example the Oper block, Vhost block, Link block and Allow block you can authenticate clients by password or other means. You can specify the password as plaintext, but you can also specify an "authentication type".

Available auth-types
The following auth-types are available:

The last two types, sslclientcert and sslclientcertfp require a bit more work and expertise, as the user (or server link) must generate their own SSL Certificate and then use it to connect to the server via SSL/TLS. We suggest to use this auth-type to authenticate server links (as described in our Tutorial: Linking servers), and also for /OPER (in the Oper block). See example 2 and 3 below.

If you don't understand how SSL client certificates work or just want to authenticate by password then use the bcrypt algorithm. It's the best password hashing algorithm we can offer and it's slow to crack.

Example 1: bcrypt password in vhost block
Say, you want to use the password test and want to use bcrypt hashed passwords (the most secure password hashing type).

/MKPASSWD bcrypt test or on the *NIX command line run: irc@system:~/Unreal3.4$ ./unreal mkpasswd Enter password to hash: Encrypted password is: $2y$09$vy1yzAEDsvps.4.2WEjgm.RZ0A7q.PYnbYGKGjngt0UOmZfo10cky vhost { vhost I.love.Tux; from { userhost *@*; }; login Tux; password "$2y$09$vy1yzAEDsvps.4.2WEjgm.RZ0A7q.PYnbYGKGjngt0UOmZfo10cky"; };
 * As IRCOp run:
 * You should get back a string that starts with $ followed by a lot of characters.
 * Put this string in your vhost block like this:


 * /REHASH your IRCd server configuration (Execute /REHASH as an IRCop on IRC)
 * Try to use the new vhost by typing /VHOST Tux test

Example 2: Oper by SSL Client certificates
sslclientcert and sslclientcertfp are exceptional auth-types which can be used to authenticate SSL users by their client certificate. With these authentication methods you can be sure the user is using SSL and is using the specified client certificate. It's very secure but is a slightly advanced feature.

Here's an example of how to use it for the oper block: openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint where name-of-pem-file.pem is your SSL certificate. oper test { password "E7:4D:46:F1:9F:F4:68:F5:E8:E3:49:CC:28:5D:F9:65:85:BA:4F:16:B6:49:02:E3:34:E6:E7:6A:FE:76:A7:98" { sslclientcertfp; }; flags { global; can_override; }; class clients; };
 * Create an SSL client certificate if you don't have one already (search the web for 'create ssl certificate' if you don't know how)
 * Grab the SHA256 hash of the certificate by running this on your *NIX shell or in Windows in your C:\Program Files (x86)\Unreal3.4 directory:
 * In the configuration file, set the password to the AA:BB:CC:DD:etc.. hash you saw from previous command. Example:
 * Rehash your server (type /REHASH on IRC as an IRCop)
 * Connect with your SSL client and make sure it uses your SSL client certificate. You will have to specify it somewhere in your client, consult your clients' documentation.
 * Now oper up through /OPER test (on older servers /OPER test x). When you try this, make sure that you are not already an IRCOp.
 * You should now have IRC Operator rights.
 * Congratulations, you are now using the most secure authentication method available in UnrealIRCd!

Example 3: SSL Client certificates when linking servers
When you are linking servers via the Link block we highly suggest you follow the Tutorial: Linking servers as it uses the SSL client certificate fingerprint authentication type.