
Authentication System

SirrChat provides multiple flexible authentication methods, supporting everything from traditional passwords to modern blockchain signatures.

Authentication Methods

Blockchain Authentication

Passwordless authentication using blockchain wallets.

How It Works

  1. The client signs a random, server-issued message with the wallet's private key
  2. The server verifies the signature and recovers the signing wallet address
  3. The server checks that the recovered address matches the user account
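
As an added example (not part of the SirrChat documentation or code base), the Python sketch below shows the server-side bookkeeping behind these three steps: issuing a random, single-use challenge bound to one wallet address, refusing expired or altered challenges, and comparing the recovered signer to the bound address. Real secp256k1 signature recovery is out of scope here; `demo_recover` and its `sig:<address>` format are stand-ins for the recovery SirrChat's own code performs, and the class name, message layout and TTL are this example's assumptions.

```python
import secrets
import time
from typing import Callable, Dict, Tuple

# Hypothetical: the real server recovers the signer of an EIP-191 personal_sign
# message with a secp256k1 library. Signature recovery is injected here so the
# challenge bookkeeping (the part that stops replay) can be shown on its own.
RecoverFn = Callable[[str, str], str]  # (message, signature) -> signer address


def demo_recover(message: str, signature: str) -> str:
    """Stand-in for signature recovery used by the demo: the constructed
    'signature' is just the string 'sig:<address>'. Not real cryptography."""
    if not signature.startswith("sig:"):
        raise ValueError("malformed signature")
    return signature[4:]


class WalletChallengeStore:
    """Issues single-use, expiring login challenges bound to one wallet address."""

    def __init__(self, recover: RecoverFn, ttl_seconds: int = 120, clock=time.time):
        self._recover = recover
        self._ttl = ttl_seconds
        self._clock = clock
        # nonce -> (expected address, exact message issued, issue time)
        self._pending: Dict[str, Tuple[str, str, float]] = {}

    def issue(self, address: str) -> str:
        """Step 1, server side: hand the client a random message to sign.
        The message names the service and carries a fresh nonce, so a signature
        produced for another site or an earlier login is useless here."""
        nonce = secrets.token_hex(16)
        message = f"Login to SirrChat\nAddress: {address}\nNonce: {nonce}"
        self._pending[nonce] = (address.lower(), message, self._clock())
        return message

    def verify(self, address: str, message: str, signature: str) -> bool:
        """Steps 2 and 3: recover the signer and compare it to the bound address."""
        nonce = message.rsplit("Nonce: ", 1)[-1].strip()
        # pop() makes the challenge single-use even when verification fails
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        bound_address, issued_message, issued_at = entry
        if message != issued_message:              # client altered the challenge
            return False
        if self._clock() - issued_at > self._ttl:  # challenge expired
            return False
        if bound_address != address.lower():       # challenge issued for someone else
            return False
        try:
            signer = self._recover(message, signature)
        except Exception:
            return False
        return signer.lower() == bound_address
```

Note that the client snippet further down signs a bare timestamp; a server-issued nonce as above is what makes step 1 "random" and keeps a captured signature from being replayed after the original login.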

Configuration Example

```toml
[auth.blockchain]
enabled = true
networks = ["ethereum", "bsc", "polygon"]

[auth.blockchain.rpc]
ethereum = "https://mainnet.infura.io/v3/YOUR-PROJECT-ID"
bsc = "https://bsc-dataseed.binance.org"
polygon = "https://polygon-rpc.com"
```

Supported Networks

  • Ethereum (ETH)
  • BNB Smart Chain (BSC)
  • Polygon (MATIC)
  • All EVM-compatible chains

Client Usage

```javascript
// Generate signature (assumes a web3.js instance connected to the user's wallet)
const [address] = await web3.eth.getAccounts();
const timestamp = Date.now();
const message = `Login to SirrChat: ${timestamp}`;
const signature = await web3.eth.personal.sign(message, address);
```

The client then presents the three values in the SMTP AUTH exchange:

```
AUTH BLOCKCHAIN
<address>
<signature>
<message>
```

LDAP Authentication

Integration with enterprise LDAP directory services.

Configuration

```toml
[auth.ldap]
enabled = true
server = "ldap://ldap.example.com:389"
bind_dn = "cn=admin,dc=example,dc=com"
bind_password = "password"
user_base = "ou=users,dc=example,dc=com"
user_filter = "(uid={username})"
```

Active Directory

```toml
[auth.ldap]
server = "ldap://dc.example.com:389"
bind_dn = "cn=Administrator,cn=Users,dc=example,dc=com"
bind_password = "password"
user_base = "cn=Users,dc=example,dc=com"
user_filter = "(sAMAccountName={username})"
```

PAM Authentication

Use Linux system accounts for authentication.

Configuration

```toml
[auth.pam]
enabled = true
service = "sirrchat"
```

PAM Configuration File

Create /etc/pam.d/sirrchat:

```
auth       required     pam_unix.so
account    required     pam_unix.so
```

Database Authentication

Traditional username/password authentication.

Configuration

```toml
[auth.database]
enabled = true
password_hash = "bcrypt"  # bcrypt, argon2, scrypt
```

Create User

```bash
sirrchatd user create \
  --username user@example.com \
  --password secretpassword
```

Multi-Factor Authentication (MFA)

TOTP

Time-based One-Time Password.

```toml
[auth.mfa]
enabled = true
issuer = "SirrChat"
```

Enable MFA

```bash
sirrchatd mfa enable --user user@example.com
```

Hardware Keys

Support for FIDO2/WebAuthn hardware keys.

```toml
[auth.mfa.webauthn]
enabled = true
rp_name = "SirrChat Mail Server"
```

Authentication Protocols

SASL Mechanisms

Supported SASL authentication mechanisms:

  • PLAIN: Plain text password (requires TLS)
  • LOGIN: Legacy plain text username/password exchange (requires TLS)
  • CRAM-MD5: Challenge-response authentication
  • SCRAM-SHA-256: Salted challenge-response authentication with mutual verification
  • BLOCKCHAIN: Custom wallet-signature authentication (see Blockchain Authentication above)

Configuration Example

```toml
[auth.sasl]
mechanisms = ["PLAIN", "LOGIN", "BLOCKCHAIN"]
require_tls = true
```
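
To make the difference between the mechanisms concrete, here is an added Python walkthrough of a SCRAM-SHA-256 exchange (RFC 5802 / RFC 7677) with both sides' messages built in-process. It is example code, not SirrChat's SASL implementation: the demo account, the iteration count and the helper names are this example's choices. The point it demonstrates is why SCRAM is listed as the secure option: the server stores only a salt, StoredKey and ServerKey, the password never crosses the wire even under TLS, and the final message lets the client verify the server too.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed demo account; the server never stores this plaintext.
DEMO_USER = "user@example.com"
DEMO_PASSWORD = "correct horse battery staple"


def _hi(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() from RFC 5802 is PBKDF2 with HMAC-SHA-256 for SCRAM-SHA-256 (RFC 7677).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_stored_credential(password: str, iterations: int = 4096) -> dict:
    """What the server keeps on disk: salt, iteration count, StoredKey, ServerKey.
    A leaked StoredKey does not let an attacker log in as the user."""
    salt = secrets.token_bytes(16)
    salted = _hi(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha256(client_key).digest(),
        "server_key": _hmac(salted, b"Server Key"),
    }


def scram_sha256_exchange(username: str, password: str, credential_db: dict):
    """Run the four SCRAM messages in-process and return
    (server_accepted_client, client_accepted_server)."""
    # -- client-first-message: GS2 header "n,," (no channel binding) + bare part
    user = username.replace("=", "=3D").replace(",", "=2C")  # RFC 5802 saslname escaping
    client_nonce = _b64(secrets.token_bytes(18))
    client_first_bare = f"n={user},r={client_nonce}"

    # -- server-first-message: extends the nonce, sends salt and iteration count
    cred = credential_db[username]  # real servers answer unknown users with a dummy credential
    server_nonce = client_nonce + _b64(secrets.token_bytes(18))
    server_first = f"r={server_nonce},s={_b64(cred['salt'])},i={cred['iterations']}"

    # -- client-final-message: proof over AuthMessage (all three messages so far)
    attrs = dict(part.split("=", 1) for part in server_first.split(","))
    if not attrs["r"].startswith(client_nonce):       # server must echo our nonce
        return False, False
    client_final_bare = f"c={_b64(b'n,,')},r={attrs['r']}"
    auth_message = f"{client_first_bare},{server_first},{client_final_bare}".encode("utf-8")
    salted = _hi(password, base64.b64decode(attrs["s"]), int(attrs["i"]))
    client_key = _hmac(salted, b"Client Key")
    client_signature = _hmac(hashlib.sha256(client_key).digest(), auth_message)
    client_final = f"{client_final_bare},p={_b64(_xor(client_key, client_signature))}"

    # -- server check: ClientKey = proof XOR ClientSignature; H(ClientKey) must equal StoredKey
    received_proof = base64.b64decode(client_final.split(",p=")[1])
    expected_signature = _hmac(cred["stored_key"], auth_message)
    recovered_client_key = _xor(received_proof, expected_signature)
    if not hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(), cred["stored_key"]):
        return False, False
    server_final = f"v={_b64(_hmac(cred['server_key'], auth_message))}"

    # -- client check: proves the server knows ServerKey (mutual authentication)
    expected_server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    server_ok = hmac.compare_digest(base64.b64decode(server_final[2:]), expected_server_sig)
    return True, server_ok
```

Compare this with PLAIN and LOGIN, which send the password itself and therefore rely entirely on `require_tls = true`, and with CRAM-MD5, whose challenge-response form forces the server to keep a password-equivalent secret.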

Access Control

IP Whitelist

```toml
[auth.access_control]
allowed_ips = ["192.168.1.0/24", "10.0.0.0/8"]
```

IP Blacklist

```toml
[auth.access_control]
blocked_ips = ["203.0.113.0/24"]
```

Geographic Restrictions

```toml
[auth.geo]
enabled = true
allowed_countries = ["US", "GB", "CA"]
```

Session Management

Session Configuration

```toml
[auth.session]
# Session timeout (seconds)
timeout = 3600

# Maximum concurrent sessions
max_sessions = 10

# Session token length
token_length = 32
```

Session Storage

  • Memory: Fast but not persistent
  • Redis: Distributed session management
  • Database: Persistent storage

```toml
[auth.session.storage]
type = "redis"
redis_url = "redis://localhost:6379/0"
```

Password Policy

Password Requirements

```toml
[auth.password_policy]
min_length = 12
require_uppercase = true
require_lowercase = true
require_digits = true
require_special = true
```

Password History

```toml
[auth.password_policy]
remember_count = 5  # Remember last 5 passwords
expiry_days = 90    # Expire after 90 days
```
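
The following added Python example (not SirrChat's own code) shows how the requirements and history settings above combine at password-change time: the complexity rules are checked first, then the candidate is compared against the last `remember_count` hashes, and only then is it stored. Hashing uses scrypt, one of the `password_hash` options listed under Database Authentication; the scrypt parameters, the 16-byte salt layout and the class and function names are this example's assumptions. `expiry_days` is not modelled here.

```python
import hashlib
import hmac
import secrets
import string
from typing import List

# Mirrors [auth.password_policy] and the scrypt option of [auth.database] on this page.
POLICY = {
    "min_length": 12,
    "require_uppercase": True,
    "require_lowercase": True,
    "require_digits": True,
    "require_special": True,
    "remember_count": 5,
}
# scrypt parameters are this example's choice, not the server's defaults.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def check_complexity(password: str, policy: dict = POLICY) -> List[str]:
    """Return every rule the password violates; an empty list means it passes."""
    problems = []
    if len(password) < policy["min_length"]:
        problems.append(f"shorter than {policy['min_length']} characters")
    if policy["require_uppercase"] and not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if policy["require_lowercase"] and not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if policy["require_digits"] and not any(c.isdigit() for c in password):
        problems.append("no digit")
    if policy["require_special"] and not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def hash_password(password: str) -> bytes:
    """salt || scrypt(password, salt); the per-password salt travels with the hash."""
    salt = secrets.token_bytes(16)
    return salt + hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


class PasswordHistory:
    """Enforces the complexity rules plus remember_count: a new password may not
    match any of the last N hashes, which are kept salted exactly like the live one."""

    def __init__(self, remember_count: int = POLICY["remember_count"]):
        self._keep = remember_count
        self._hashes: List[bytes] = []

    def change_password(self, new_password: str) -> List[str]:
        problems = check_complexity(new_password)
        if problems:
            return problems
        if any(verify_password(new_password, old) for old in self._hashes):
            return [f"reuses one of the last {self._keep} passwords"]
        self._hashes.append(hash_password(new_password))
        self._hashes = self._hashes[-self._keep:]  # drop hashes older than the window
        return []
```

Keeping the old hashes salted means the history check costs one scrypt evaluation per remembered password, which is the price of not storing anything weaker than the live credential.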

Security Features

Brute Force Protection

```toml
[auth.security]
max_attempts = 5
lockout_duration = 300  # 5 minutes
```

Anomaly Detection

```toml
[auth.anomaly_detection]
enabled = true
alert_on_new_ip = true
alert_on_new_device = true
```

Audit Logs

Logged Events

  • Login attempts (success/failure)
  • Password changes
  • MFA status changes
  • Session creation/destruction

Log Format

```json
{
  "timestamp": "2025-01-15T10:30:00Z",
  "event": "login_success",
  "user": "user@example.com",
  "ip": "192.168.1.100",
  "method": "blockchain"
}
```
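
As an added example of consuming these logs (not a SirrChat tool), the Python script below reads one JSON event per line in the format above and applies two of the checks described under Security Features: it raises a brute-force alert when one user/IP pair reaches `max_attempts` failures inside `lockout_duration`, and a new-IP alert when a user logs in successfully from an address not seen on any earlier success (`alert_on_new_ip`). The sample lines are constructed, and the failure event name `login_failure` is an assumption, since the page only shows `login_success`; `alert_on_new_device` is not covered because the log format shown carries no device field.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Iterator, List, Tuple

MAX_ATTEMPTS = 5                          # [auth.security] max_attempts
LOCKOUT_WINDOW = timedelta(seconds=300)   # [auth.security] lockout_duration

# Constructed sample lines in the audit log format shown above. The event name
# "login_failure" is assumed; the page documents only "login_success".
SAMPLE_LOG = """\
{"timestamp": "2025-01-15T10:30:00Z", "event": "login_success", "user": "user@example.com", "ip": "192.168.1.100", "method": "blockchain"}
{"timestamp": "2025-01-15T10:31:00Z", "event": "login_failure", "user": "user@example.com", "ip": "203.0.113.7", "method": "database"}
{"timestamp": "2025-01-15T10:32:00Z", "event": "login_failure", "user": "user@example.com", "ip": "203.0.113.7", "method": "database"}
{"timestamp": "2025-01-15T10:33:00Z", "event": "login_failure", "user": "user@example.com", "ip": "203.0.113.7", "method": "database"}
{"timestamp": "2025-01-15T10:34:00Z", "event": "login_failure", "user": "user@example.com", "ip": "203.0.113.7", "method": "database"}
{"timestamp": "2025-01-15T10:35:00Z", "event": "login_failure", "user": "user@example.com", "ip": "203.0.113.7", "method": "database"}
{"timestamp": "2025-01-15T10:36:00Z", "event": "login_success", "user": "user@example.com", "ip": "203.0.113.7", "method": "database"}
"""

Alert = Tuple[str, str, str, datetime]  # (kind, user, ip, timestamp)


def parse_events(text: str) -> Iterator[dict]:
    """One JSON object per line; timestamps are parsed into datetime objects."""
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["timestamp"] = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
            yield event


def analyze(text: str) -> List[Alert]:
    """Return alerts in log order."""
    alerts: List[Alert] = []
    known_ips = defaultdict(set)     # user -> IPs seen on earlier successful logins
    failures = defaultdict(deque)    # (user, ip) -> failure timestamps inside the window
    for event in parse_events(text):
        user, ip, ts = event["user"], event["ip"], event["timestamp"]
        if event["event"] == "login_failure":
            window = failures[(user, ip)]
            window.append(ts)
            while ts - window[0] > LOCKOUT_WINDOW:   # slide the window forward
                window.popleft()
            if len(window) == MAX_ATTEMPTS:          # fire once, when the limit is reached
                alerts.append(("brute_force", user, ip, ts))
        elif event["event"] == "login_success":
            # The first success is the baseline; later successes from an unseen IP alert.
            if known_ips[user] and ip not in known_ips[user]:
                alerts.append(("new_ip", user, ip, ts))
            known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for kind, user, ip, ts in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:<12} user={user} ip={ip}")
```

In the sample, the success that follows five failures from the same address is exactly the sequence the lockout should have prevented, which is why the new-IP alert is worth correlating with the brute-force one rather than reading either in isolation.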

API Authentication

API Keys

```bash
sirrchatd api-key create --user user@example.com
```

OAuth 2.0

```toml
[auth.oauth]
enabled = true
provider = "custom"
client_id = "sirrchat"
client_secret = "secret"
```

Best Practices

  1. Always Use TLS: Encrypt authentication credentials in transit
  2. Enable MFA: Improve account security
  3. Rotate Keys Regularly: Update API keys and passwords
  4. Monitor Anomalies: Set up alert notifications
  5. Principle of Least Privilege: Grant only necessary permissions

Released under the GPL 3.0 License.