Cuff-Link Auth Server Settings

**NOTE** This is intended for use with the Cuff-Link network and will likely be added to over time.


For all clients, the change is to enable SASL PLAIN over SSL on port 7797.  For clients that don’t specify a SASL Username, the regular Username/Ident and sometimes the entered nick are used as SASL Username.  Some instances require forcing to IPv4, in which case use as the server address instead of  SSLFP/SASL External is supported as well; see this post for more info about creating a client cert, and see the notes on the specific clients that are known.  Note that SSLFP can also be supported without being used as SASL External, so keep that in mind: it still allows for passwordless identification, but only post-connect as opposed to during connection, so it won’t work on the auth servers.
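The exchange these settings produce on the wire, as an added example (not from the original page or from any client's code): the client-side lines of an IRCv3 SASL PLAIN login, plus a decoder showing why the SSL port and certificate verification matter. The nick, account and password are constructed sample values; no server address is used because the page does not show one.

```python
import base64
import ssl

def sasl_plain_payload(account: str, password: str, authzid: str = "") -> str:
    """RFC 4616 message 'authzid NUL authcid NUL passwd', base64-encoded for IRC."""
    raw = "\0".join((authzid, account, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def authenticate_lines(payload: str, chunk: int = 400) -> list[str]:
    """IRCv3 SASL: send the payload in 400-byte chunks; a payload that is empty
    or an exact multiple of 400 bytes is terminated with 'AUTHENTICATE +'."""
    lines = [f"AUTHENTICATE {payload[i:i + chunk]}"
             for i in range(0, len(payload), chunk)]
    if len(payload) % chunk == 0:
        lines.append("AUTHENTICATE +")
    return lines

def client_lines(nick: str, account: str, password: str) -> list[str]:
    """Everything the client sends, in order, when registering with SASL PLAIN
    (server replies such as CAP ACK and 'AUTHENTICATE +' are omitted)."""
    return [
        "CAP REQ :sasl",
        f"NICK {nick}",
        f"USER {account} 0 * :{nick}",
        "AUTHENTICATE PLAIN",
        *authenticate_lines(sasl_plain_payload(account, password)),
        "CAP END",
    ]

def decode_plain(payload: str) -> tuple[str, str, str]:
    """What anyone able to read the stream recovers: base64 is not encryption."""
    authzid, authcid, passwd = base64.b64decode(payload).decode("utf-8").split("\0")
    return authzid, authcid, passwd

def tls_context() -> ssl.SSLContext:
    """Verifying context for the SSL port: the equivalent of leaving
    'Accept invalid SSL Certificates' unchecked in a client."""
    return ssl.create_default_context()  # CERT_REQUIRED plus hostname checking

if __name__ == "__main__":
    # Constructed credentials: the SASL account is the registered nick,
    # independent of the nick requested for this session.
    for line in client_lines("yournick_", "yournick", "correct horse"):
        print(line)
```

The SASL account name travels separately from the `NICK` line, which is why a client can sit on an alternate nick and still authenticate as the registered one.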

Desktop Clients


Android Clients

iOS Clients

Unsupported Clients

Desktop Clients with SASL:


Required Fields: ‘server‘ as shown in light blue, both SSL checkboxes, uncheck ‘Use global user information’, ‘User name‘ must be a registered nick, ‘Login method‘ changes to SASL (username + password), ‘Password‘ is your nickserv password.

SSLFP/SASL External is available and detailed in this howto.


Main server page

Required Fields: ‘Username‘ is your registered nick, ‘Password‘ is your nickserv password, ‘Login Method‘ is SASL (username + password).  Adjust checkboxes as desired and make sure to have a primary and alternate nicks filled in.

Specific server to add

On the Server tab, click Add and fill in as above.

SSLFP/SASL External is supported: load the cert under the SSL tab and change the Login Method accordingly.


Required Fields: ‘Server port‘ updates to 7797, verify that the “Connect with SSL” box is checked [Note: Do not check “Accept invalid SSL Certificates” – Our certificates are no longer self-signed!]; uncheck ipv6 since it seems to be acting weird.  If necessary, update the server to to force it to ipv4.

Required Fields: the ‘Connect with SASL‘ checkbox enables the next two boxes; ‘SASL user‘ is your registered nick, ‘SASL password‘ is your nickserv password.

See the howto for information on the other boxes or initial basic setup.  Note that IceChat7 does not support SASL and even IceChat9 has to be one of the latest versions, 9.13+.


Versions 0.8.18 and later have SASL built in.

/network add -sasl_username <registerednick> -sasl_password <password> -sasl_mechanism PLAIN Cuff-Link
/server add -auto -net Cuff-Link -ssl <server> 7797

See Arch’s howto here for info on SSLFP; the mechanism will then change to EXTERNAL.


See their startup guide here and adjust as necessary per the above.  Also see the FAQ here for info on SSL server certificates.

NOTE – The server is and SSL port is 7797.  All else is the same.


Specific server
SASL settings – Note SSLFP/SASL External is available under the identities properties


Specific server
SASL settings – Note SSLFP/SASL External is available under “Type”


Amazingly a revived project, and seems to include SASL.  Check the current wiki here.

NOTE – The server is and SSL port is 7797.  All else is the same.


See their wiki here; there is also a link there for the SSLFP aka certfp option.  By default available on our ZNC service as well, see here.

NOTE – The server is and SSL port is 7797.  All else is the same.


Webclients with SASL:



Required Fields: Tap the cog in the lower right hand corner to get to the menu and either add or edit a network, depending on stage.  Once in the network screen, tap ‘Network‘ and scroll down to Cuff-Link, which should automatically populate the hostname, port, and SSL as shown.  Then just fill in ‘Nickname‘ as your registered nick and ‘Nickserv‘ as your nickserv password; it will automatically default to SASL to connect.  It is highly suggested to group your automatic alternate nick: for example, if your primary nick is yournick, do /nick yournick_ and use /ns group to attach it.  The reason is that irccloud doesn’t have a way to set secondary nicks; it automatically uses this method.  Just remember to use it within 90 days so it doesn’t expire.

NOTE Due to the way irccloud exists, it is not necessary to change the port from 6697 [SSL] unless wanting to specifically be on the auth servers.  Also note that the free version has a 2 hour idle timer whereas the paid version allows unlimited connectivity to the server (Connection closed for inactivity).

Android Mobile clients with SASL:

Most of these are a matter of editing the red sections; those are the mandatory parts that make a difference.  There may be other info needed [noted below] and other settings that make your chatting experience more useful.


This is the only client that supports SSLFP that I know of, however not as SASL External.  See the howto here for some other useful details in the settings if this is your first usage.  The free version is ad-supported, but the ad is only a footer banner on the startup screen.

NOTE – The difference from the howto is the port is 7797.  All else is the same.


IRC for Android:

See SimpleIrc, this is probably the closest in style.





Scroll down to click on “Authentication”.


Simple Irc:



Hermes is ad-supported, and appears to show full-screen ads when disconnecting from the server.  It’s a bit of a different interface than the usual clients as well.



Scroll down to click on “Authentication”.  Atomic is in development, but seems promising.



iOS clients with SASL:

Screenshots are a bit harder to come by in this category, so most will be references.  Same information will apply:

  • Server:
  • Port: 7797 [SSL]
  • SASL Username or Username: your registered nick
  • SASL Password: your nickserv password

Both mobile and desktop are included here since quite a few cross over, with the exception of Hexchat since it is listed above.


Simply change the port to 7797 and verify SSL is checked.  Username must be registered nick; it will automatically use SASL.


Mobile only; direct from Palaver’s site, their getting started how-to; it does have ZNC integration as well.


iOS only; free:











Textual will default to attempting SASL, so for many it’s a matter of updating a couple of fields:





Required Fields:  In the general information for the server: ‘Server Address’ is or if using ipv6 [if you get odd errors, try this].  ‘Port’ is 7797 and check ‘Connect Securely’.  Choose reconnect options if desired.  Next move down to Identity: ‘Nickname’ is your nick, ‘Username’ MUST be your registered nick, ‘Personal Password’ is your nickserv password.


See the wikihow here; most of the settings necessary will be in the advanced section.

Unsupported Clients

  • mIRC and mIRC based scripts – as of version 7.48, mIRC now includes SASL authentication, but beyond this post we are not supporting it, since it’s still not implemented properly [using an actual account name vs. pulling from nickname fields], as well as the other issues that remain.
  • KVIrc – has options for using SASL, but has not had an update in over 5 years. No longer supported.
  • TurboIRC – doesn’t even handle basic authentication
  • nettalk – not in development
  • hydrairc –  not in development
  • xchat – upgrade to hexchat for the maintained fork, old confs and scripts will port
  • ByrdIRC – has a box for SASL, but does not have a way to specify port or SSL
  • Chatzilla – doesn’t have SASL at all
  • Pidgin – technically has SASL, but you’re on your own
  • Adium – same category as pidgin, doesn’t appear to be anywhere in the works
  • CIRC – shows promise for chrome, but SASL not officially listed
  • IceChat7 – not included at all
  • IceChat9* – says it has SASL, but versions prior to 9.13 don’t appear to work
  • PsyBNC – not in development, see ZNC
  • Snak – doesn’t appear to be in development
  • pirch – don’t even ask about this one
  • vortex – fork of pirch that is just as old
  • ircII – well they did add SSL in 2014, but no SASL.  There may be forks
  • LeafChat – not in development
  • KiwiIRC – cannot use the port needed for authorisation settings.
  • rooms – website says in development, feature list doesn’t include SASL
  • AndChat – not in development
