Configuring SASL for irssi

This script, by Michael Tharp and Jilles Tjoelker, comes from Authentication information is stored in ~/.irssi/sasl.auth.

  1. Copy the script,, into your ~/.irssi/scripts/autorun directory or from wherever irssi loads startup scripts.

  2. The script requires at least the Perl module MIME::Base64. If you're using Linux, Perl modules are generally in distribution repositories, or you can get them directly from CPAN. If you cannot install them for the whole system, you may be able to use local::lib.

  3. Load the script using /script load autorun/

  4. The script needs to be configured with /sasl set network nick password mechanism.

    • network is the (case-sensitive) name of the network specified with /network add.
    • nick is your primary registered nickname. A grouped nickname will not work.
    • password is your NickServ password.
    • mechanism is PLAIN.

      PLAIN sends your password unprotected, as plain text (which is fine when connecting over SSL, as the entire exchange is encrypted already).

      ECDSA-NIST256P-CHALLENGE is a certificate-based challenge authentication supported by newer versions of services. It requires additional code and components not supported by this script, but you can find an alternative version with Atheme's ecdsatool.

      DH-BLOWFISH is a deprecated mechanism that separately encrypted your services password before sending it to the server. DH-BLOWFISH is no longer supported. The following is retained temporarily for reference:

      To use DH-BLOWFISH, the Perl modules Crypt::OpenSSL::Bignum, Crypt::DH, Crypt::Blowfish, and Math::BigInt are required. If Crypt::DH is not available, Crypt::DH::GMP and Crypt::DH::GMP::Compat may be substituted instead. The script will still work using PLAIN without these modules.

  5. Save the settings with /sasl save.

  6. If everything has been configured correctly, the next time you connect you should see the message:

    SASL authentication successful

The script also supports /sasl show and /sasl load. Show lists currently-configured networks and the saved credentials. Load re-reads the sasl.auth file. A /sasl set network command with no other arguments will delete the configuration for that network.

If you know of any additions or corrections, or would like to contribute improvements, contact us at the email below.

Copyright © 2002 – 2014 by freenode Creative Commons License
Comments to email address: support at freenode dot net