github twitter linkedin email
Configuring ZNC with HexChat

Configuring ZNC with HexChat

I recently set up ZNC instance to capture whatever I may miss when not connected to any of the many OpenStack IRC channels. One tricky part of this configuration was my use of multiple authentication layers. I have ZNC configured to use a server password, but I also have my nick registered on freenode and I would like to use SASL to authenticate this. It turns out that this is relatively easy to do.

Configure server password (/PASS) authentication

You should first configure the connection to your ZNC server. Create a new server profile (HexChat > Network List, or <Ctrl> + S) and configure it like so:

Configuring server password authentication

Most of this configuration doesn’t differ from the many guides available on configuring HexChat with ZNC. I’m using SSL, so I enable that (and accept my “invalid”, self-signed key), and I select this as the server to automatically connect to when I open HexChat. The interesting bit is the Server Password </PASS password section. In here, I have my username and server password stored in format [username]:[password], e.g. admin:password.

Once done, I also need to configure a channels you want to connect to on the Autojoin channels tab:

Configuring autojoin channels

I’m mostly concerned with #openstack-xxx channels, but your configuration will differ.

Configure SASL authentication

Now we should be able to connect to the ZNC server without gettings an Invalid password errors. However, looking at the logs for the freenode server connection, we can see that we’re being asked to authenticate our registered nick:


Time for SASL. Many of these steps are documented on the ZNC wiki, but they’re documented here for posterity.

First, load the module on ZNC:

/msg *status loadmodule sasl

Then, set the mechanism. We use PLAIN (plaintext), which is a-OK as we’re using SSL:

/msg *sasl mechanism PLAIN

Finally, supply your username and password:

/msg *sasl set <username> <password>

That should be the end the need to run pesky nickserv commands.

Wrap up

We now have authentication against the server, using a server password, and authentication against the nickserv, using SASL. Pretty much hassle free.