Hi,

I´m looking to set up a local IRC server on the latest Debian for me and some friends. I´d like to somehow restrict access to this server to only local *nix accounts.

I don´t want to make the server only accessible to users who are logged in over SSH. I also want to be able to use clients on our phones etc. I also don´t trust my friends completely, I don´t want them to be able to impersonate each other.

So, what I´m looking for is some basic auth on my IRC server, preferably something that hooks into the standard *nix accounts (via PAM?). I´ve searched around a bit, and the only things I came up with:

  • Make the server localhost only => then I won´t be able to use phone apps anymore.

  • Server password => this doesn´t solve the auth issue, my friends will still be able to impersonate each other.

  • Make the server localhost only and then let users connect via ZNC, which hooks into Cyrus SASL => this was a huge pain in the ass to set up, and still doesn´t work.

  • Do this via services somehow?

What would be the “correct” way to implement this?

  • LostLetterboxB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I was playing around with prosody which is xmpp not IRC but does allow group chat, I have it behind authelia though I haven’t gotten single sign on to work properly (I think it’s due to it being an xmpp server). Ive got the conversejs plugin installed for a web chat service (if I choose to continue with it I’ll want to clean up an auto redirect).

    I have it hooked into an LDAP user store as opposed to p. It looks like there is a pam module/extension available. Still need to check out if I’d prefer an web IRC application instead, or try the matrix line which looks heavier.

    At the moment I haven’t exposed anything Ive been playing with outside my home network so I also want to start playing with mtls sometime in the future.

  • spauldo@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Some of these issues are ones that were experienced and solved by the big IRC networks. They used different methods - nick registration and authentication via a bot, for instance.

    The source for many of those is available. Why not see how others solved the problems? A brief look at the Charybdis IRCd source (at least the Freenode version) shows capabilities for limiting channel creation to authenticated users and what looks like built-in ChanServ and NickServ.

    In any event, you may be worrying over nothing. I ran a friends-only IRC server back in the day and didn’t have issues with impersonation. I rarely saw any unknown users and it was easy to detect them because they weren’t part of my circle of friends. We had a couple bots that logged the channel and provided various services - it wouldn’t be hard to have one enforce security.