Hi,
I´m looking to set up a local IRC server on the latest Debian for me and some friends. I´d like to somehow restrict access to this server to only local *nix accounts.
I don´t want to make the server only accessible to users who are logged in over SSH. I also want to be able to use clients on our phones etc. I also don´t trust my friends completely, I don´t want them to be able to impersonate each other.
So, what I´m looking for is some basic auth on my IRC server, preferably something that hooks into the standard *nix accounts (via PAM?). I´ve searched around a bit, and the only things I came up with:
-
Make the server localhost only => then I won´t be able to use phone apps anymore.
-
Server password => this doesn´t solve the auth issue, my friends will still be able to impersonate each other.
-
Make the server localhost only and then let users connect via ZNC, which hooks into Cyrus SASL => this was a huge pain in the ass to set up, and still doesn´t work.
-
Do this via services somehow?
What would be the “correct” way to implement this?
Some of these issues are ones that were experienced and solved by the big IRC networks. They used different methods - nick registration and authentication via a bot, for instance.
The source for many of those is available. Why not see how others solved the problems? A brief look at the Charybdis IRCd source (at least the Freenode version) shows capabilities for limiting channel creation to authenticated users and what looks like built-in ChanServ and NickServ.
In any event, you may be worrying over nothing. I ran a friends-only IRC server back in the day and didn’t have issues with impersonation. I rarely saw any unknown users and it was easy to detect them because they weren’t part of my circle of friends. We had a couple bots that logged the channel and provided various services - it wouldn’t be hard to have one enforce security.