Configuring ZNC with HexChat
I recently set up ZNC instance to capture whatever I may miss when not connected to any of the many OpenStack IRC channels. One tricky part of this configuration was my use of multiple authentication layers. I have ZNC configured to use a server password, but I also have my nick registered on freenode and I would like to use SASL to authenticate this. It turns out that this is relatively easy to do.
Configure server password (/PASS) authentication
You should first configure the connection to your ZNC server. Create a new
server profile (HexChat > Network List, or <Ctrl> + S) and
configure it like so:
Configuring server password authentication
Most of this configuration doesn’t differ from the many guides available on
configuring HexChat with ZNC. I’m using SSL, so I enable that (and accept my
“invalid”, self-signed key), and I select this as the server to automatically
connect to when I open HexChat. The interesting bit is the Server Password </PASS password section. In here, I have my username and server password
stored in format [username]:[password], e.g. admin:password.
Once done, I also need to configure a channels you want to connect to on the Autojoin channels tab:
Configuring autojoin channels
I’m mostly concerned with #openstack-xxx channels, but your configuration
will differ.
Configure SASL authentication
Now we should be able to connect to the ZNC server without gettings an Invalid password errors. However, looking at the logs for the freenode server
connection, we can see that we’re being asked to authenticate our registered
nick:
TODO
Time for SASL. Many of these steps are documented on the ZNC wiki, but they’re documented here for posterity.
First, [load the module] znc-mods on ZNC:
/msg *status loadmodule sasl
Then, set the mechanism. We use PLAIN (plaintext), which is a-OK as we’re
using SSL:
/msg *sasl mechanism PLAIN
Finally, supply your username and password:
/msg *sasl set <username> <password>
That should be the end the need to run pesky nickserv commands.
Wrap up
We now have authentication against the server, using a server password, and authentication against the nickserv, using SASL. Pretty much hassle free.