From 875b57fb9b1bd07f7e13c0391087d8d667327099 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Wed, 6 Nov 2019 22:37:57 -0500
Subject: Document SASL EXTERNAL configuration in more detail

---
 pounce.1 | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'pounce.1')

diff --git a/pounce.1 b/pounce.1
index 35a2dd9..52bd9f0 100644
--- a/pounce.1
+++ b/pounce.1
@@ -164,6 +164,8 @@ Certificates can be generated with
 Authenticate using SASL EXTERNAL.
 The TLS client certificate is loaded with
 .Fl c .
+For more information, see
+.Sx Configuring SASL EXTERNAL .
 .
 .It Fl f Ar path , Cm save = Ar path
 Load the contents of the buffer from
@@ -247,6 +249,36 @@ specified by
 and
 .Fl K .
 .
+.Ss Configuring SASL EXTERNAL
+.Bl -enum
+.It
+Generate a new TLS client certificate:
+.Bd -literal -offset indent
+pounce -g example.pem
+.Ed
+.It
+Connect to the server using the certificate:
+.Bd -literal -offset indent
+client-cert = example.pem
+# or: pounce -c example.pem
+.Ed
+.It
+Identify with services or use
+.Cm sasl-plain ,
+then add the certificate fingerprint to your account:
+.Bd -literal -offset indent
+/msg NickServ CERT ADD
+.Ed
+.It
+Enable SASL EXTERNAL
+to require successful authentication when connecting:
+.Bd -literal -offset indent
+client-cert = example.pem
+sasl-external
+# or: pounce -e -c example.pem
+.Ed
+.El
+.
 .Ss Service Configuration
 Add the following to
 .Pa /etc/rc.conf
-- 
cgit 1.4.1