Ergo, formerly oragono, supports LDAP and possibly SAML. This is not something I have set up, but I have hosted a public ergo server before.
Good luck.
cc /u/badass6 — no need to wait a day.
Ergo, formerly oragono, supports LDAP and possibly SAML. This is not something I have set up, but I have hosted a public ergo server before.
Good luck.
cc /u/badass6 — no need to wait a day.
I was playing around with prosody which is xmpp not IRC but does allow group chat, I have it behind authelia though I haven't gotten single sign on to work properly (I think it's due to it being an xmpp server). Ive got the conversejs plugin installed for a web chat service (if I choose to continue with it I'll want to clean up an auto redirect).
I have it hooked into an LDAP user store as opposed to p. It looks like there is a pam module/extension available. Still need to check out if I'd prefer an web IRC application instead, or try the matrix line which looks heavier.
At the moment I haven't exposed anything Ive been playing with outside my home network so I also want to start playing with mtls sometime in the future.
Some of these issues are ones that were experienced and solved by the big IRC networks. They used different methods - nick registration and authentication via a bot, for instance.
The source for many of those is available. Why not see how others solved the problems? A brief look at the Charybdis IRCd source (at least the Freenode version) shows capabilities for limiting channel creation to authenticated users and what looks like built-in ChanServ and NickServ.
In any event, you may be worrying over nothing. I ran a friends-only IRC server back in the day and didn't have issues with impersonation. I rarely saw any unknown users and it was easy to detect them because they weren't part of my circle of friends. We had a couple bots that logged the channel and provided various services - it wouldn't be hard to have one enforce security.
Classic irc does have a totally different design philosophy. Try some other text based chat servers with user authentication.
ngircd has the concept of a global password. Distribute this password and you’ve got a simple psk based acl mechanism
Ahh, good old IRC. Look into something like InspIRCd. It should already allow you to restrict channel creation to registered accounts. Then combine that with something like Atheme or Anope IRC Services. I couldn't find any PAM modules, but Atheme should at least support an external database (back in the day we used a mysql backend).
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists