Open ghost opened 12 months ago
Kiwi does not support client-certificate-based auth; it does support SASL PLAIN though. Entering a password at the welcome screen should make it SASL auth on connect.
I forgot to mention that the built-in identd server doesn't seem to work at all when using identd=true in the webirconfig config.
As a workaround you can install openbsd-inetd (or nullidentd), which provides a working and secure identd daemon. Anyway, I would prefer webirc to not use SASL auth at all and use the X-Forwarded-For header to identify users' hostnames. In addition, nginx can use a local DNS resolver to store valid DNS hostnames with dnsmasq.
I will look into the identd thing.
webircgateway does use X-Forwarded-For to get the correct IP, which is then passed to the ircd via the WEBIRC command.
SASL auth is a method by which to log in to NickServ during connection; it is not used to pass the correct hostname for the user.
Thanks for your help @ItsOnlyBinary. Here is a log file for this ticket. Interestingly, I am now getting the error "Not allowed to connect to default" when I use my SASL username and password to connect on ws.libera.chat. Btw, I use QUIC/HTTP3 for the ws connection with kiwiirc. I also disabled identd in the config. Finally, I assume the "kiwiirc.com" user-agent string in the ws console (Chromium) is purely decorative.
I hope this helps,
smart
Here is a screen capture of the browser view:
Documentation for SASL authentication is needed to understand how to connect on libera.chat servers using TLS 1.3 (aka forward secrecy). In contrast, webirc connections to irc.freenode.net in tcp4 mode work as expected using kiwiirc transport (tls=false).
However, inbound connections to libera.chat servers result in the following error message:
$ sudo systemctl status webircgateway