What's SASL and how it works?
Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL.

What are the advantages of authentication?

  • You can hide your IP address by assigning a cloaked hostname.

  • You can join channels which allow only authenticated users to join (+r).

  • You can choose to chat privately only with certified users (+R).

  • You can recover your nick, if someone else is using it.

If you are not registered yet, do it now.

If your account already exists.

If you need assistance.

How to configure SASL account?

Configure your SASL account

  1. Create a spoof hostname on the Hostnames page.
    (Skip these steps if you do not have your own domain or you want to use the preconfigured spoof provided)

    • Click the "Add hostname" button.

    • Fill out the "Hostname" field with the (sub)domain you want to use for the cloak.
      (this should be a name without an existing A/AAAA record)

    • Click the "Add" button. Your newly created spoofed Hostname should now be listed as "not verified".

    • Click the "Edit" button for your newly created Hostname.

    • Add the TXT record as given to your DNS configuration.
      (How you do this depends on where/how your domain is managed)

    • You can click the "verify now" button to check if the configuration is active, but It may take a while for the update to take effect depending on the DNS server configuration (it can be 1 day or more for some configurations).

    • Check the Hostnames page occasionally and it should eventually show the status as "verified".
      Do not remove the TXT record after verification as this will disable the spoofed hostname.

  2. Create a your Credentials on Credentials page.

    • Click the "Create credential" button.

    • Select "PLAIN" in the "Mechanism" drop-down list.

    • Select the hostname for this cloak from in the "Hostname" drop-down list.

    • Fill in the IP or CIDR subnet (up to /16 for IPv4 and /48 for IPv6) you connect to IRC from in the "IP address / subnet" field.

    • If you host supports identd and you want to use it, fill in your username in the "Ident (optional)" field
      (not required even for identd supporting hosts. Leave this empty if you are not sure).

    • Fill in the Password with your own choice of password in the "Password" field. The password is case-sensitive.

    • Click the "Create" button. The IRC servers are updated once an hour so wait 1 hour for your change to take effect.

  3. Configure your IRC client to connect to one of our IRC-Servers on port 6667.

  4. You should now be able to connect with the cloak.

    • Read the MOTD carefully after connecting.

    • Remember the cloaks are personal. Do not share them with others, have them sign up for their own account instead.

    • Your account may be blocked if you break the rules.

If you have any questions or need help, please join #contempt.

How to configure SASL on IRC client?

Configure SASL for ZNC

/query *status loadmod sasl

/msg *sasl mechanism PLAIN

/msg *sasl set <username> <password>

/query *status jump

/squery saslservice status

Configure SASL for mIRC

Step-by-step instructions:

  1. In the File menu, click Select Server.

  2. In the Connect -> Servers section of the mIRC Options window, add a Contempt IRC server (ex. Address: nova.irc.it - Port: 6667).

  3. In the Login Method dropdown, select SASL (/CAP).

  4. In the second Password box at the bottom of the window, enter your username, then a colon, then your Credential password (ex. loginID:password)

  5. Click the OK button

Configure SASL for Irssi

/network add -sasl_username <login> -sasl_password <password> -sasl_mechanism PLAIN Contempt

/server add -net Contempt irc.contempt.chat 6667

Configure SASL for WeeChat

/server add contempt irc.contempt.chat/6667

/set irc.server.contempt.sasl_mechanism PLAIN

/set irc.server.contempt.sasl_username <nickname>

/set irc.server.contempt.sasl_password <password>

/save

/connect contempt

Connected! Now...

You can hide your IP address by assigning a cloaked hostname

You can join channels which allow only authenticated users to join (+r).

You can make your channel more secure by allowing access only to SASL authenticated users.

How to add restriction:
/mode #channel +r

How to remove restriction:
/mode #channel -r

You can choose to chat privately only with certified users (+R).

How to add restriction in query:
/mode <your-nick> +R

How to remove restriction in query:
/mode <your-nick> -R

You can recover your nick, if someone else is using it.

If someone else is using your nick on IRC, you can recover it by using the following command twice:

/SQUERY SASLService GETNICK <nick>

Nicks can only be approved by administrators.