about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2019-11-06 22:37:57 -0500
committerJune McEnroe <june@causal.agency>2019-11-06 22:37:57 -0500
commit875b57fb9b1bd07f7e13c0391087d8d667327099 (patch)
tree1e641d0e63906d671d3e11a2e0029cb40512efc3
parentDocument pounce service configuration (diff)
downloadpounce-875b57fb9b1bd07f7e13c0391087d8d667327099.tar.gz
pounce-875b57fb9b1bd07f7e13c0391087d8d667327099.zip
Document SASL EXTERNAL configuration in more detail
Diffstat (limited to '')
-rw-r--r--pounce.132
1 files changed, 32 insertions, 0 deletions
diff --git a/pounce.1 b/pounce.1
index 35a2dd9..52bd9f0 100644
--- a/pounce.1
+++ b/pounce.1
@@ -164,6 +164,8 @@ Certificates can be generated with
 Authenticate using SASL EXTERNAL.
 The TLS client certificate is loaded with
 .Fl c .
+For more information, see
+.Sx Configuring SASL EXTERNAL .
 .
 .It Fl f Ar path , Cm save = Ar path
 Load the contents of the buffer from
@@ -247,6 +249,36 @@ specified by
 and
 .Fl K .
 .
+.Ss Configuring SASL EXTERNAL
+.Bl -enum
+.It
+Generate a new TLS client certificate:
+.Bd -literal -offset indent
+pounce -g example.pem
+.Ed
+.It
+Connect to the server using the certificate:
+.Bd -literal -offset indent
+client-cert = example.pem
+# or: pounce -c example.pem
+.Ed
+.It
+Identify with services or use
+.Cm sasl-plain ,
+then add the certificate fingerprint to your account:
+.Bd -literal -offset indent
+/msg NickServ CERT ADD
+.Ed
+.It
+Enable SASL EXTERNAL
+to require successful authentication when connecting:
+.Bd -literal -offset indent
+client-cert = example.pem
+sasl-external
+# or: pounce -e -c example.pem
+.Ed
+.El
+.
 .Ss Service Configuration
 Add the following to
 .Pa /etc/rc.conf