Merge pull request #1783 from slingamn/scram_mechanisms

remove SCRAM-SHA-256 from advertised SASL mechanisms
2026-05-29 21:39:26 -07:00 · 2021-08-25 21:03:29 -04:00
parent 9c77f89bc2 a1d4b8ac82
commit 0baaf0b711
2 changed files with 8 additions and 2 deletions
--- a/irc/config.go
+++ b/irc/config.go
@@ -303,6 +303,7 @@ func (t *ThrottleConfig) UnmarshalYAML(unmarshal func(interface{}) error) (err e
 type AccountConfig struct {
 	Registration          AccountRegistrationConfig
 	AuthenticationEnabled bool `yaml:"authentication-enabled"`
+	AdvertiseSCRAM        bool `yaml:"advertise-scram"` // undocumented, see #1782
 	RequireSasl           struct {
 		Enabled      bool
 		Exempted     []string
@@ -1379,7 +1380,12 @@ func LoadConfig(filename string) (config *Config, err error) {
 		config.Accounts.VHosts.validRegexp = defaultValidVhostRegex
 	}

-	config.Server.capValues[caps.SASL] = "PLAIN,EXTERNAL,SCRAM-SHA-256"
+	saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256"
+	// TODO(#1782) clean this up:
+	if !config.Accounts.AdvertiseSCRAM {
+		saslCapValue = "PLAIN,EXTERNAL"
+	}
+	config.Server.capValues[caps.SASL] = saslCapValue
 	if !config.Accounts.AuthenticationEnabled {
 		config.Server.supportedCaps.Disable(caps.SASL)
 	}
--- a/2
+++ b/2