diff --git a/include/struct.h b/include/struct.h
index 1462b11d6..768b5edb4 100644
--- a/include/struct.h
+++ b/include/struct.h
@@ -1024,6 +1024,7 @@ struct _configflag_allow {
 	unsigned	useip :1;
 	unsigned	ssl :1;
 	unsigned	nopasscont :1;
+	unsigned	sasl :1;
 };
 
 struct _configitem_allow {
diff --git a/src/modules/m_nick.c b/src/modules/m_nick.c
index b3cdb759a..f9f18f90f 100644
--- a/src/modules/m_nick.c
+++ b/src/modules/m_nick.c
@@ -1712,6 +1712,8 @@ int	AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam
 			continue;
 		if (aconf->flags.ssl && !IsSecure(cptr))
 			continue;
+		if (aconf->flags.sasl && (!*cptr->user->svid || isdigit(*cptr->user->svid)))
+			continue;
 		if (hp && hp->h_name)
 		{
 			hname = hp->h_name;
diff --git a/src/s_conf.c b/src/s_conf.c
index 841866611..2bc4f4d2a 100644
--- a/src/s_conf.c
+++ b/src/s_conf.c
@@ -4932,8 +4932,10 @@ int	_conf_allow(ConfigFile *conf, ConfigEntry *ce)
 					allow->flags.noident = 1;
 				else if (!strcmp(cepp->ce_varname, "useip"))
 					allow->flags.useip = 1;
-				else if (!strcmp(cepp->ce_varname, "ssl"))
+				else if (!strcmp(cepp->ce_varname, "ssl") || !strcmp(cepp->ce_varname, "require-ssl"))
 					allow->flags.ssl = 1;
+				else if (!strcmp(cepp->ce_varname, "sasl") || !strcmp(cepp->ce_varname, "require-sasl"))
+					allow->flags.sasl = 1;
 				else if (!strcmp(cepp->ce_varname, "nopasscont"))
 					allow->flags.nopasscont = 1;
 			}
@@ -5131,7 +5133,9 @@ int	_test_allow(ConfigFile *conf, ConfigEntry *ce)
 				{}
 				else if (!strcmp(cepp->ce_varname, "useip"))
 				{}
-				else if (!strcmp(cepp->ce_varname, "ssl"))
+				else if (!strcmp(cepp->ce_varname, "ssl") || !strcmp(cepp->ce_varname, "require-ssl"))
+				{}
+				else if (!strcmp(cepp->ce_varname, "sasl") || !strcmp(cepp->ce_varname, "require-sasl"))
 				{}
 				else if (!strcmp(cepp->ce_varname, "nopasscont"))
 				{}