Hi,
I´m looking to set up a local IRC server on the latest Debian for me and some friends. I´d like to somehow restrict access to this server to only local *nix accounts.
I don´t want to make the server only accessible to users who are logged in over SSH. I also want to be able to use clients on our phones etc. I also don´t trust my friends completely, I don´t want them to be able to impersonate each other.
So, what I´m looking for is some basic auth on my IRC server, preferably something that hooks into the standard *nix accounts (via PAM?). I´ve searched around a bit, and the only things I came up with:
-
Make the server localhost only => then I won´t be able to use phone apps anymore.
-
Server password => this doesn´t solve the auth issue, my friends will still be able to impersonate each other.
-
Make the server localhost only and then let users connect via ZNC, which hooks into Cyrus SASL => this was a huge pain in the ass to set up, and still doesn´t work.
-
Do this via services somehow?
What would be the “correct” way to implement this?
I was playing around with prosody which is xmpp not IRC but does allow group chat, I have it behind authelia though I haven’t gotten single sign on to work properly (I think it’s due to it being an xmpp server). Ive got the conversejs plugin installed for a web chat service (if I choose to continue with it I’ll want to clean up an auto redirect).
I have it hooked into an LDAP user store as opposed to p. It looks like there is a pam module/extension available. Still need to check out if I’d prefer an web IRC application instead, or try the matrix line which looks heavier.
At the moment I haven’t exposed anything Ive been playing with outside my home network so I also want to start playing with mtls sometime in the future.