Authentication types

At various places in the configuration file, for example the Oper block, Vhost block, Link block and Allow block you can authenticate clients by password or other means. You can specify the password as plaintext, but you can also specify an "authentication type".

Available auth-types
The following auth-types are available:

The auth-type argon2 is the best one if you want to authenticate using a password. It's slow to crack.

The types sslclientcert and sslclientcertfp require a bit more work and expertise, as the user must generate their own SSL Certificate and then use it to connect to the server via SSL/TLS. We suggest to use this auth-type for /OPER (in the Oper block), see the 2nd example below. Finally the type spkifp is usually only used for linking servers.

Example 1: argon2 password in vhost block
Say, you want to use the password test and want to use argon2 hashed passwords (the best password hashing method available).

/MKPASSWD argon2 test or on the *NIX command line run: irc@system:~/unrealircd$ ./unrealircd mkpasswd Enter password to hash: Encrypted password is: $argon2id$v=19$m=8192,t=3,p=2$hDpgvcBOUVAJMQcJITTLnQ$fL5lg/3tZ0VgTXn61EQ6Rnxhl5j+MvESBBGpg1mZqWM vhost { vhost I.love.Tux; mask *@*; login Tux; password "$argon2id$v=19$m=8192,t=3,p=2$hDpgvcBOUVAJMQcJITTLnQ$fL5lg/3tZ0VgTXn61EQ6Rnxhl5j+MvESBBGpg1mZqWM"; };
 * As IRCOp run:
 * You should get back a string that starts with $ followed by a lot of characters.
 * Put this string in your vhost block (or any other block) like this:


 * /REHASH your IRCd server configuration (Execute /REHASH as an IRCop on IRC)
 * Try to use the new vhost by typing /VHOST Tux test

Example 2: Oper by SSL Client certificates
sslclientcert and sslclientcertfp are exceptional auth-types which can be used to authenticate SSL users by their client certificate. With these authentication methods you can be sure the user is using SSL and is using the specified client certificate. It's very secure but is a slightly advanced feature.

Here's an example of how to use it for the oper block: openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint where name-of-pem-file.pem is your SSL certificate. oper test { password "E7:4D:46:F1:9F:F4:68:F5:E8:E3:49:CC:28:5D:F9:65:85:BA:4F:16:B6:49:02:E3:34:E6:E7:6A:FE:76:A7:98" { sslclientcertfp; }; flags { global; can_override; }; class clients; };
 * Create an SSL client certificate if you don't have one already (search the web for 'create ssl certificate' if you don't know how)
 * Grab the SHA256 hash of the certificate by running this on your *NIX shell or in Windows in your C:\Program Files (x86)\UnrealIRCd 4 directory:
 * In the configuration file, set the password to the AA:BB:CC:DD:etc.. hash you saw from previous command. Example:
 * Rehash your server (type /REHASH on IRC as an IRCop)
 * Connect with your SSL client and make sure it uses your SSL client certificate. You will have to specify it somewhere in your client, consult your clients' documentation.
 * Now oper up through /OPER test (on older servers /OPER test x). When you try this, make sure that you are not already an IRCOp.
 * You should now have IRC Operator rights.
 * Congratulations, you are now using the most secure authentication method available in UnrealIRCd!

Example 3: SSL Client certificates when linking servers
When you are linking servers via the Link block we highly suggest you follow the Tutorial: Linking servers as it uses the SSL client certificate fingerprint authentication type.