https://www.unrealircd.org/docs/Authentication
And "require sasl" is now "require authentication"
(the old name will only raise a warning, not cause an error)
Note that authprompt currently only does the "require authentication"
stuff and not yet the soft-xx actions. That will be something for
later this week, but I've already documented it as such (here and
there anyway).
We previously introduced the "require sasl" block which allows you to
force users from certain IP addresses to authenticate with their nickname
and password via SASL. We now offer a new experimental module called
'saslemulation' which will help non-SASL users by showing a notice and
asking them to authenticate to their account via /AUTH <user>:<pass>.
See https://www.unrealircd.org/docs/Set_block#set::sasl-emulation
Note that this is work in progress, although the functionality of
already works. Still need to do some cleaning and expand the scope.
And more testing...
* The operclass privileges have been redone. Since there were 50+ changes
to the 100+ privileges it makes little sense to list the changes here.
If, like 99% of the users, you use default operclasses such as "globop"
and "admin-with-override" then you don't need to do anything.
However, if you have custom operclass { } blocks then the privileges
will have to be redone. For more information on the conversion process,
see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
For the new list of permissions, with much better naming and grouping:
https://www.unrealircd.org/docs/Operclass_permissions
The inconsistency in the privileges was initially reported by webczat in
https://bugs.unrealircd.org/view.php?id=4771
The subsequent reorganization took two full days, so.. hopefully the
people who are using - or plan to use - custom operclasses will like the
new layout... except that they need to redo their work of course ;)
deprecated because they can be cracked at high speeds. They still
work, but a warning will be shown on boot and on rehash.
Please use 'bcrypt' or (even better) the new 'argon2' type instead:
"./unrealircd mkpasswd argon2" or "/mkpasswd argon2 passwd" on IRC.
Also, not in release notes because it would take up too much text:
Unix crypt is a bit more complicated: most types are outright 'bad',
while other types have reasonable security similar to 'bcrypt'.
To be honest these people should probably use 'argon2' since it's
a lot better. Then again, warning about this when it's still such
a common hashing method (now, in 2018) may be a bit overzealous.
So: not warning about crypt types $5/$6 which use SHA256/SHA512
with normally at least 5000 rounds (unless deliberately weakened
by the user), but we do warn about other crypt() usage.
Also, mkpasswd support for those deprecated types has been removed since
there's no good reason to generate new password hashes with these.
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.
It's likely I made some mistakes somewhere => testing required!!
from antirandom checking because they frequently cause false positives.
This new behavior can be disabled via:
set { antirandom { except-webirc no; }; };
Suggested by The_Myth in https://bugs.unrealircd.org/view.php?id=5007