diff options
Diffstat (limited to 'pounce.1')
-rw-r--r-- | pounce.1 | 785 |
1 files changed, 513 insertions, 272 deletions
diff --git a/pounce.1 b/pounce.1 index b61527a..e4919d2 100644 --- a/pounce.1 +++ b/pounce.1 @@ -1,4 +1,4 @@ -.Dd February 27, 2020 +.Dd July 16, 2023 .Dt POUNCE 1 .Os . @@ -8,25 +8,29 @@ . .Sh SYNOPSIS .Nm -.Op Fl NTev -.Op Fl A Ar cert -.Op Fl C Ar cert -.Op Fl H Ar host -.Op Fl K Ar priv -.Op Fl P Ar port +.Op Fl LNTev +.Op Fl A Ar local-ca +.Op Fl C Ar local-cert +.Op Fl H Ar local-host +.Op Fl K Ar local-priv +.Op Fl P Ar local-port +.Op Fl Q Ar queue-interval +.Op Fl R Ar blind-req .Op Fl S Ar bind -.Op Fl U Ar unix -.Op Fl W Ar pass -.Op Fl a Ar auth -.Op Fl c Ar cert +.Op Fl U Ar local-path +.Op Fl W Ar local-pass +.Op Fl a Ar sasl-plain +.Op Fl c Ar client-cert .Op Fl f Ar save .Op Fl h Ar host .Op Fl j Ar join -.Op Fl k Ar priv +.Op Fl k Ar client-priv +.Op Fl m Ar mode .Op Fl n Ar nick .Op Fl p Ar port .Op Fl q Ar quit .Op Fl r Ar real +.Op Fl t Ar trust .Op Fl s Ar size .Op Fl u Ar user .Op Fl w Ar pass @@ -34,6 +38,13 @@ .Op Ar config ... . .Nm +.Fl o +.Op Fl S Ar bind +.Op Fl h Ar host +.Op Fl p Ar port +.Op Ar config ... +. +.Nm .Op Fl A Ar ca .Fl g Ar cert . @@ -43,23 +54,79 @@ .Sh DESCRIPTION The .Nm -daemon +program is a multi-client, TLS-only IRC bouncer. It maintains a persistent connection to an IRC server while allowing clients to connect and disconnect, receiving messages that were missed upon reconnection. -Clients should use the IRCv3.2 +Clients must uniquely identify themselves to +.Nm +by their IRC username +(not nickname). +The IRCv3 .Sy server-time -extension -to know when missed messages were received -and uniquely identify themselves by username. +extension is used to indicate +when messages were originally received. See .Sx Client Configuration for details. . .Pp +The local server portion of +.Nm +requires a TLS certificate, +which can be obtained for example +by an ACME client such as +.Xr acme-client 8 . +The private key +must be made readable by +the user running +.Nm . +. +.Pp +One instance of +.Nm +must be configured for each IRC network. +Instances of +.Nm +must either use different local ports with +.Cm local-port +or different local host names with +.Cm local-host +and +.Cm local-path +to be dispatched from the same port by +.Xr calico 1 . +. +.Pp +Client connections are not accepted +until successful login to the server. +If the server connection is lost, +the +.Nm +process exits. +. +.Pp Options can be loaded from files listed on the command line. +Files are searched for in +.Pa $XDG_CONFIG_DIRS/pounce +.Po +usually +.Pa ~/.config/pounce +.Pc +unless the path starts with +.Ql / , +.Ql \&./ +or +.Ql \&../ . +Certificate and private key paths +are searched for in the same manner. +Files and flags +listed later on the command line +take precedence over those listed earlier. +. +.Pp Each option is placed on a line, and lines beginning with .Ql # @@ -67,75 +134,80 @@ are ignored. The options are listed below following their corresponding flags. . -.Pp -The arguments are as follows: -. +.Ss Local Server Options .Bl -tag -width Ds -.It Fl A Ar path , Cm local-ca = Ar path +.It Fl A Ar path | Cm local-ca No = Ar path Require clients to authenticate using a TLS client certificate -signed by the certificate authority loaded from +either contained in +or signed by a certificate in +the file loaded from .Ar path . +The file is reloaded when the +.Dv SIGUSR1 +signal is received. See .Sx Generating Client Certificates . If -.Fl W +.Cm local-pass is also set, -clients may instead connect +clients may instead authenticate with a server password. . -.It Fl C Ar path , Cm local-cert = Ar path +.It Fl C Ar path | Cm local-cert No = Ar path Load TLS certificate from .Ar path . -The default path is the -.Xr certbot 8 -path for the +The file is reloaded when the +.Dv SIGUSR1 +signal is received. +The default path is +.Ar host Ns .pem , +where .Ar host -set by -.Fl H . +is set by +.Cm local-host . . -.It Fl H Ar host , Cm local-host = Ar host +.It Fl H Ar host | Cm local-host No = Ar host Bind to .Ar host . The default host is localhost. . -.It Fl K Ar path , Cm local-priv = Ar path +.It Fl K Ar path | Cm local-priv No = Ar path Load TLS private key from .Ar path . -The default path is the -.Xr certbot 8 -path for the +The file is reloaded when the +.Dv SIGUSR1 +signal is received. +The default path is +.Ar host Ns .key , +where .Ar host -set by -.Fl H . -. -.It Fl N , Cm no-names -Do not request -.Ql NAMES -for each channel when a client connects. -This avoids already connected clients -receiving unsolicited responses -but prevents new clients from populating user lists. -. -.It Fl P Ar port , Cm local-port = Ar port +is set by +.Cm local-host . +. +.It Fl L | Cm palaver +Advertise the +.Sy palaverapp.com +IRCv3 vendor-specific capability to clients. +This option only enables the capability; +push notifications must be provided by the +.Xr pounce-palaver 1 +special-purpose client. +. +.It Fl P Ar port | Cm local-port No = Ar port Bind to .Ar port . The default port is 6697. . -.It Fl S Ar host , Cm bind = Ar host -Bind to source address -.Ar host -when connecting to the server. -. -.It Fl T +.It Fl T | Cm no-sts Do not advertise a strict transport security (STS) policy to clients. . -.It Fl U Ar path , Cm local-path = Ar path +.It Fl U Ar path | Cm local-path No = Ar path Bind to a UNIX-domain socket at .Ar path . -Clients are accepted as sent by +Clients are only accepted as dispatched by .Xr calico 1 . If .Ar path @@ -143,14 +215,14 @@ is a directory, the .Ar host set by -.Fl H +.Cm local-host is appended to it. This option takes precedence over -.Fl H +.Cm local-host and -.Fl P . +.Cm local-port . . -.It Fl W Ar pass , Cm local-pass = Ar pass +.It Fl W Ar pass | Cm local-pass No = Ar pass Require the server password .Ar pass for clients to connect. @@ -159,12 +231,80 @@ The string must be hashed using .Fl x . If -.Fl A +.Cm local-ca is also set, -clients may instead connect +clients may instead authenticate using a TLS client certificate. . -.It Fl a Ar user : Ns Ar pass , Cm sasl-plain = Ar user : Ns Ar pass +.It Fl f Ar path | Cm save No = Ar path +Save and load the contents of the buffer from +.Ar path +in +.Pa $XDG_DATA_DIRS/pounce , +usually +.Pa ~/.local/share/pounce , +or an absolute or relative path if +.Ar path +starts with +.Ql / , +.Ql \&./ +or +.Ql \&../ . +The file is truncated after loading. +. +.It Fl s Ar size | Cm size No = Ar size +Set the number of messages contained in the buffer to +.Ar size . +This sets the maximum number +of recent messages +which can be relayed +to a reconnecting client. +The size must be a power of two. +The default size is 4096. +.El +. +.Ss Remote Server Options +.Bl -tag -width Ds +.It Fl N | Cm no-names +Do not request +.Ql NAMES +for each channel when a client connects. +This avoids already connected clients +receiving unsolicited responses +but prevents new clients from populating user lists. +. +.It Fl Q Ar ms | Cm queue-interval No = Ar ms +Set the server send queue interval in milliseconds. +The queue is used +to send automated messages from +.Nm +to the server. +Messages from clients +are sent to the server directly. +The default interval is 200 milliseconds. +. +.It Fl R Ar caps | Cm blind-req No = Ar caps +Blindly request the IRCv3 capabilities +.Ar caps , +which must be supported by +.Nm . +This can be used to enable hidden capabilities, +such as +.Sy userhost-in-names +on some networks. +. +.It Fl S Ar host | Cm bind No = Ar host +Bind to source address +.Ar host +when connecting to the server. +To connect from any address +over IPv4 only, +use 0.0.0.0. +To connect from any address +over IPv6 only, +use ::. +. +.It Fl a Ar user : Ns Ar pass | Cm sasl-plain No = Ar user : Ns Ar pass Authenticate as .Ar user with @@ -172,147 +312,148 @@ with using SASL PLAIN. Since this method requires the account password in plaintext, -it is recommended to use SASL EXTERNAL instead with -.Fl e . +it is recommended to use CertFP instead with +.Cm sasl-external . . -.It Fl c Ar path , Cm client-cert = Ar path +.It Fl c Ar path | Cm client-cert No = Ar path Load the TLS client certificate from .Ar path . If the private key is in a separate file, it is loaded with -.Fl k . +.Cm client-priv . With -.Fl e , +.Cm sasl-external , authenticate using SASL EXTERNAL. Certificates can be generated with .Fl g . . -.It Fl e , Cm sasl-external +.It Fl e | Cm sasl-external Authenticate using SASL EXTERNAL, also known as CertFP. The TLS client certificate is loaded with -.Fl c . -For more information, see +.Cm client-cert . +See .Sx Configuring CertFP . . -.It Fl f Ar path , Cm save = Ar path -Load the contents of the buffer from -.Ar path , -if it exists, -and truncate it. -On shutdown, -save the contents of the buffer to -.Ar path . -. -.It Fl g Ar path -Generate a TLS client certificate using -.Xr openssl 1 -and write it to -.Ar path . -The certificate is signed -by the certificate authority if -.Fl A -is set, -otherwise it is self-signed. -. -.It Fl h Ar host , Cm host = Ar host +.It Fl h Ar host | Cm host No = Ar host Connect to .Ar host . . -.It Fl j Ar chan , Cm join = Ar chan +.It Fl j Ar channels Oo Ar keys Oc | Cm join No = Ar channels Op Ar keys Join the comma-separated list of -.Ar chan . +.Ar channels +with the optional comma-separated list of channel +.Ar keys . . -.It Fl k Ar path , Cm client-priv = Ar path +.It Fl k Ar path | Cm client-priv No = Ar path Load the TLS client private key from .Ar path . . -.It Fl n Ar nick , Cm nick = Ar nick +.It Fl m Ar mode | Cm mode No = Ar mode +Set the user +.Ar mode . +. +.It Fl n Ar nick | Cm nick No = Ar nick Set nickname to .Ar nick . The default nickname is the user's name. . -.It Fl p Ar port , Cm port = Ar port +.It Fl p Ar port | Cm port No = Ar port Connect to .Ar port . The default port is 6697. . -.It Fl q Ar mesg , Cm quit = Ar mesg +.It Fl q Ar mesg | Cm quit No = Ar mesg Quit with message .Ar mesg when shutting down. . -.It Fl r Ar real , Cm real = Ar real +.It Fl r Ar real | Cm real No = Ar real Set realname to .Ar real . The default realname is the same as the nickname. . -.It Fl s Ar size , Cm size = Ar size -Set the number of messages contained in the buffer to -.Ar size . -The size must be a power of two. -The default size is 4096. +.It Fl t Ar path | Cm trust No = Ar path +Trust the certificate loaded from +.Ar path . +Server name verification is disabled. +See +.Sx Connecting to Servers with Self-signed Certificates . . -.It Fl u Ar user , Cm user = Ar user +.It Fl u Ar user | Cm user No = Ar user Set username to .Ar user . The default username is the same as the nickname. . -.It Fl v , Cm verbose -Write IRC messages to standard error -in red to the server, -green from the server, -yellow from clients -and blue to clients. -. -.It Fl w Ar pass , Cm pass = Ar pass +.It Fl w Ar pass | Cm pass No = Ar pass Log in with the server password .Ar pass . . -.It Fl x -Prompt for a password -and output a hash -for use with -.Fl W . -. -.It Fl y Ar mesg , Cm away = Ar mesg +.It Fl y Ar mesg | Cm away No = Ar mesg Set away status to .Ar mesg -when no clients are connected. +when no clients are connected +and no other away status has been set. .El . +.Ss Other Options +.Bl -tag -width Ds +.It Fl g Ar path +Generate a TLS client certificate using +.Xr openssl 1 +and write it to +.Ar path . +The certificate is signed +by the certificate authority if +.Fl A +is set, +otherwise it is self-signed. +. +.It Fl o +Print the server certificate chain +to standard output in PEM format +and exit. +. +.It Fl v | Cm verbose +Log IRC messages to standard output: .Pp -Client connections are not accepted -until successful login to the server. -If the server connection is lost, -the +.Bl -tag -width "<<" -compact +.It << +from +.Nm +to the server +.It >> +from the server to +.Nm +.It -> +from clients to +.Nm +.It <- +from .Nm -daemon exits. +to clients +.El . -.Pp -Upon receiving the -.Dv SIGUSR1 -signal, -the certificate and private key -will be reloaded from the paths -specified by -.Fl C -and -.Fl K . +.It Fl x +Prompt for a password +and output a hash +for use with +.Cm local-pass . +.El . .Ss Client Configuration Clients should be configured to connect to the host and port set by -.Fl H +.Cm local-host and -.Fl P , +.Cm local-port , with TLS or SSL enabled. If -.Fl W +.Cm local-pass is used, clients must send a server password. If -.Fl A +.Cm local-ca is used, clients must connect with a client certificate and may request SASL EXTERNAL. @@ -320,7 +461,7 @@ If both are used, clients may authenticate with either method. . .Pp -Clients should register with unique usernames, +Clients must register with unique usernames (not nicknames), for example the name of the client software or location from which it is connecting. New clients with the same username @@ -331,13 +472,33 @@ The nickname and real name sent by clients are ignored. . .Pp +Normally a client sending +.Ic QUIT +will simply be disconnected from +.Nm . +If, however, +the quit message +starts with the keyword +.Sy $pounce , +.Nm +itself will quit. +The remainder of the message +following the keyword +will be used as +.Nm Ap s +quit message, +or the default set by +.Cm quit +if there isn't any. +. +.Pp Clients which request the .Sy causal.agency/passive capability or with usernames beginning with hyphen .Ql - are considered passive -and do not affect away status. +and do not affect automatic away status. . .Pp Pass-through of the following IRCv3 capabilities @@ -348,7 +509,9 @@ is supported: .Sy batch , .Sy cap-notify , .Sy chghost , +.Sy echo-message , .Sy extended-join , +.Sy extended-monitor , .Sy invite-notify , .Sy labeled-response , .Sy message-tags , @@ -366,23 +529,54 @@ not to the server. .Ss Generating Client Certificates .Bl -enum .It -Generate a self-signed certificate authority (CA): +Generate self-signed client certificates and private keys: +.Bd -literal -offset indent +$ pounce -g client1.pem +$ pounce -g client2.pem +.Ed +.It +Concatenate the certificate public keys into a CA file: +.Bd -literal -offset indent +$ openssl x509 -subject -in client1.pem \e + >> ~/.config/pounce/auth.pem +$ openssl x509 -subject -in client2.pem \e + >> ~/.config/pounce/auth.pem +.Ed +.It +Configure +.Nm +to verify client certificates +against the CA file: +.Bd -literal -offset indent +local-ca = auth.pem +# or: $ pounce -A auth.pem +.Ed +.El +. +.Pp +Alternatively, +client certificates can be signed +by a generated certificate authority: +. +.Bl -enum +.It +Generate a self-signed certificate authority: .Bd -literal -offset indent -pounce -g auth.pem +$ pounce -g auth.pem .Ed .It Generate and sign client certificates using the CA: .Bd -literal -offset indent -pounce -A auth.pem -g client1.pem -pounce -A auth.pem -g client2.pem +$ pounce -A auth.pem -g client1.pem +$ pounce -A auth.pem -g client2.pem .Ed .It Since only the public key is needed for certificate verification, extract it from the CA: .Bd -literal -offset indent -openssl x509 -in auth.pem -out auth.crt +$ openssl x509 -in auth.pem -out ~/.config/pounce/auth.crt .Ed .It Configure @@ -391,7 +585,7 @@ to verify client certificates against the CA: .Bd -literal -offset indent local-ca = auth.crt -# or: pounce -A auth.crt +# or: $ pounce -A auth.crt .Ed .El . @@ -400,13 +594,13 @@ local-ca = auth.crt .It Generate a new TLS client certificate: .Bd -literal -offset indent -pounce -g example.pem +$ pounce -g ~/.config/pounce/example.pem .Ed .It Connect to the server using the certificate: .Bd -literal -offset indent client-cert = example.pem -# or: pounce -c example.pem +# or: $ pounce -c example.pem .Ed .It Identify with services or use @@ -421,68 +615,27 @@ to require successful authentication when connecting: .Bd -literal -offset indent client-cert = example.pem sasl-external -# or: pounce -e -c example.pem +# or: $ pounce -e -c example.pem .Ed .El . -.Ss Service Configuration -Add the following to -.Pa /etc/rc.conf -to enable the -.Nm -daemon: -.Bd -literal -offset indent -pounce_enable="YES" -.Ed -. -.Pp -By default, -the -.Nm -daemon is started in the -.Pa /usr/local/etc/pounce -directory. -Configuration files in that location -can be loaded by setting -.Va pounce_flags : +.Ss Connecting to Servers with Self-signed Certificates +.Bl -enum +.It +Connect to the server +and write its certificate to a file: .Bd -literal -offset indent -pounce_flags="example.conf" +$ pounce -o -h irc.example.org > ~/.config/pounce/example.pem .Ed -. -.Pp -The +.It +Configure .Nm -service supports profiles -for running multiple instances. -Set -.Va pounce_profiles -to a space-separated list of names. -Flags for each profile will be set from -.Va pounce_${profile}_flags . -For example: +to trust the certificate: .Bd -literal -offset indent -pounce_profiles="example1 example2" -pounce_example1_flags="example1.conf" -pounce_example2_flags="example2.conf" +trust = example.pem +# or: $ pounce -t example.pem .Ed -. -.Pp -The commands -.Cm start , stop , -etc.\& -will operate on the profile given as an additional argument, -or on all profiles without an additional argument. -. -.Pp -The -.Cm reload -command will cause the -.Nm -daemon to reload certificate files. -To reload other configuration, -use the -.Cm restart -command. +.El . .Sh ENVIRONMENT .Bl -tag -width Ds @@ -490,94 +643,203 @@ command. The default nickname. .El . +.Sh FILES +.Bl -tag -width Ds +.It Pa $XDG_CONFIG_DIRS/pounce +Configuration files, certificates and private keys +are searched for first in +.Ev $XDG_CONFIG_HOME , +usually +.Pa ~/.config , +followed by the colon-separated list of paths +.Ev $XDG_CONFIG_DIRS , +usually +.Pa /etc/xdg . +.It Pa ~/.config/pounce +The most likely location of configuration files. +. +.It Pa $XDG_DATA_DIRS/pounce +Save files are searched for first in +.Ev $XDG_DATA_HOME , +usually +.Pa ~/.local/share , +followed by the colon-separated list of paths +.Ev $XDG_DATA_DIRS , +usually +.Pa /usr/local/share:/usr/share . +New save files are created in +.Ev $XDG_DATA_HOME . +.It Pa ~/.local/share/pounce +The most likely location of save files. +.El +. .Sh EXAMPLES -Configuration on the command line: +Start +.Nm : .Bd -literal -offset indent -pounce -H pounce.example.org -h chat.freenode.net -j '#ascii.town' +$ pounce -H irc.example.org -h irc.tilde.chat -j '#ascii.town' .Ed -. .Pp -Configuration in a file: +Write an equivalent configuration file to +.Pa ~/.config/pounce/tilde.conf : .Bd -literal -offset indent -local-host = pounce.example.org -host = chat.freenode.net +local-host = irc.example.org +host = irc.tilde.chat join = #ascii.town .Ed +.Pp +Load the configuration file: +.Bd -literal -offset indent +$ pounce tilde.conf +.Ed +. +.Pp +Add a certificate to +.Xr acme-client.conf 5 : +.Bd -literal -offset indent +domain irc.example.org { + domain key "/home/user/.config/pounce/irc.example.org.key" + domain full chain certificate \e + "/home/user/.config/pounce/irc.example.org.pem" + sign with letsencrypt +} +.Ed +.Pp +Obtain the certificate +and make the private key readable by +.Nm : +.Bd -literal -offset indent +# acme-client irc.example.org +# chown user /home/user/.config/pounce/irc.example.org.key +.Ed +.Pp +Renew and reload the certificate with a +.Xr cron 8 +job: +.Bd -literal -offset indent +~ * * * * acme-client irc.example.org && pkill -USR1 pounce +.Ed +. +.Sh DIAGNOSTICS +Upon receiving the +.Dv SIGINFO +signal, +.Nm +prints the current producer position +and the positions of each consumer +identified by username. +Following each consumer position +is the number by which it trails the producer. +On systems lacking +.Dv SIGINFO , +.Dv SIGUSR2 +is used. +. +.Pp +If a client reconnects +after having missed more messages +than the size of the buffer, +.Nm +will print a warning: +.Bd -ragged -offset indent +consumer +.Em name +dropped +.Em n +messages +.Ed +.Pp +The size of the buffer +can be adjusted with +.Fl s . . .Sh SEE ALSO .Xr calico 1 . .Sh STANDARDS -The -.Nm -daemon implements the following: -. .Bl -item .It .Rs -.%A Attila Molnar +.%A Waldo Bastian +.%A Ryan Lortie +.%A Lennart Poettering +.%T XDG Base Directory Specification +.%U https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html +.%D November 24, 2010 +.Re +.It +.Rs +.%A Kyle Fuller +.%A St\('ephan Kochen +.%A Alexey Sokolov .%A James Wheare -.%T IRCv3 Strict Transport Security +.%T server-time Extension .%I IRCv3 Working Group -.%U https://ircv3.net/specs/extensions/sts +.%U https://ircv3.net/specs/extensions/server-time .Re .It .Rs +.%A Lee Hardy +.%A Perry Lorier +.%A Kevin L. Mitchell .%A Attila Molnar +.%A Daniel Oakley .%A William Pitcock -.%T IRCv3.2 SASL Authentication +.%A James Wheare +.%T IRCv3 Client Capability Negotiation .%I IRCv3 Working Group -.%U https://ircv3.net/specs/extensions/sasl-3.2 +.%U https://ircv3.net/specs/core/capability-negotiation .Re .It .Rs -.%A C. Kalt -.%T Internet Relay Chat: Client Protocol +.%A S. Josefsson +.%T The Base16, Base32, and Base64 Data Encodings .%I IETF -.%N RFC 2812 -.%D April 2000 -.%U https://tools.ietf.org/html/rfc2812 +.%R RFC 4648 +.%U https://tools.ietf.org/html/rfc4648 +.%D October 2006 .Re .It .Rs -.%A K. Zeilenga, Ed. -.%T The PLAIN Simple Authentication and Security Layer (SASL) Mechanism +.%A C. Kalt +.%T Internet Relay Chat: Client Protocol .%I IETF -.%N RFC 4616 -.%D August 2006 -.%U https://tools.ietf.org/html/rfc4616 +.%R RFC 2812 +.%U https://tools.ietf.org/html/rfc2812 +.%D April 2000 .Re .It .Rs -.%A Kevin L. Mitchell -.%A Perry Lorier -.%A Lee Hardy -.%A William Pitcock .%A Attila Molnar -.%A Daniel Oakley .%A James Wheare -.%T IRCv3 Client Capability Negotiation +.%T IRCv3 Strict Transport Security .%I IRCv3 Working Group -.%U https://ircv3.net/specs/core/capability-negotiation +.%U https://ircv3.net/specs/extensions/sts .Re .It .Rs -.%A S. Josefsson -.%T The Base16, Base32, and Base64 Data Encodings -.%I IETF -.%N RFC 4648 -.%D October 2006 -.%U https://tools.ietf.org/html/rfc4648 +.%A Attila Molnar +.%A William Pitcock +.%T IRCv3.2 SASL Authentication +.%I IRCv3 Working Group +.%U https://ircv3.net/specs/extensions/sasl-3.2 .Re .It .Rs -.%A St\('ephan Kochen -.%A Alexey Sokolov -.%A Kyle Fuller -.%A James Wheare -.%T IRCv3.2 server-time Extension +.%A Simon Ser +.%A delthas +.%T Read marker .%I IRCv3 Working Group -.%U https://ircv3.net/specs/extensions/server-time-3.2 +.%U https://ircv3.net/specs/extensions/read-marker +.Re +.It +.Rs +.%A K. Zeilenga, Ed. +.%T The PLAIN Simple Authentication and Security Layer (SASL) Mechanism +.%I IETF +.%R RFC 4616 +.%U https://tools.ietf.org/html/rfc4616 +.%D August 2006 .Re .El . @@ -618,7 +880,7 @@ indicate if capabilities MUST NOT have values. The .Nm -daemon parses +implementation parses .Ql CAP REQ values in the same way as .Ql CAP LS @@ -632,36 +894,15 @@ indicates that a client should not affect the automatic away status. . .Sh AUTHORS -.An June Bug Aq Mt june@causal.agency -. -.Sh CAVEATS -One instance of -.Nm , -and therefore one local port, -is required for each server connection. -Alternatively, -the -.Xr calico 1 -daemon can be used to dispatch from one local port -to many instances of -.Nm -using Server Name Indication. -. -.Pp -The -.Nm -daemon makes no distinction between channels. -Elevated activity in one channel -may push messages from a quieter channel -out of the buffer. +.An June McEnroe Aq Mt june@causal.agency . .Sh BUGS Send mail to -.Aq Mt june@causal.agency +.Aq Mt list+pounce@causal.agency or join .Li #ascii.town on -.Li chat.freenode.net . +.Li irc.tilde.chat . . .Pp A client will sometimes receive its own message, |