x509 Authentication for SSL IRC

Question

Does anyone know if it's possible to do client authentication with x509 signed certificates on any IRCd server?

We'd like to set up a work irc server (yes, that's really what we want), but it'd be a bugger to have it inside our VPN. We know we can use SSL/IRC like Freenode do on port 7000, but ideally we'd like to be able to restrict by clients having our x509 client certificate.

Any ideas?

score 1 · Accepted Answer · answered Sep 25 '11 at 18:25

1

Ok, so it turn out that it's possible to do this with an inspircd module. I'm yet to actually implement it, because it turns out that I'm yet to find a client that can deliver a client side certificate.

answered Sep 25 '11 at 18:25

Tom O'Connor

27,440
10
72
148

score -1 · Answer 2 · answered Sep 07 '11 at 12:36

-1

If this is to be on a linux server, using SSH tunnels for access would be possible. This would provide for transport security, and if you demand keys, also cover that off too. It wouldn't work with any x509 infrastructure you might have, but requires very little effort to do.

answered Sep 07 '11 at 12:36

Jeff Warnica

474
2
8

I really don't see how using SSH tunnels is any different from a VPN, which was specifically excluded in the Question. Further requiring the issuance and tracking of another set of keys compounds the administrative overhead for this task. – Chris S Sep 25 '11 at 23:19

x509 Authentication for SSL IRC

2 Answers2