+\fBOperServerMode\fR (boolean)
+If \fBOperCanUseMode\fR is enabled, this may lead the compatibility problems
+with Servers that run the ircd-irc2 Software. This Option "masks" mode
+requests by non-chanops as if they were coming from the server. Default: no;
+only enable it if you have ircd-irc2 servers in your IRC network.
+.TP
+\fBPAM\fR (boolean)
+If ngIRCd is compiled with PAM support this can be used to disable all calls
+to the PAM library at runtime; all users connecting without password are
+allowed to connect, all passwords given will fail.
+Users identified using PAM are registered without the "~" character
+prepended to their user name.
+Default: yes.
+.TP
+\fBPAMIsOptional\fR (boolean)
+When PAM is enabled, all clients are required to be authenticated using PAM;
+connecting to the server without successful PAM authentication isn't possible.
+If this option is set, clients not sending a password are still allowed to
+connect: they won't become "identified" and keep the "~" character prepended
+to their supplied user name.
+Please note:
+To make some use of this behavior, it most probably isn't useful to enable
+"Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be
+able to distinguish between Ident'ified and PAM-authenticated users: both
+don't have a "~" character prepended to their respective user names!
+Default: no.
+.TP
+\fBPredefChannelsOnly\fR (boolean)
+If enabled, no new channels can be created. Useful if you do not want to have
+other channels than those defined in [Channel] sections in the configuration
+file on this server.
+Default: no.
+.TP
+\fBRequireAuthPing\fR (boolean)
+Let ngIRCd send an "authentication PING" when a new client connects, and
+register this client only after receiving the corresponding "PONG" reply.
+Default: no.
+.TP
+\fBScrubCTCP\fR (boolean)
+If set to true, ngIRCd will silently drop all CTCP requests sent to it from
+both clients and servers. It will also not forward CTCP requests to any
+other servers. CTCP requests can be used to query user clients about which
+software they are using and which versions said software is. CTCP can also be
+used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
+this means that /me commands will not be dropped, but please note that
+blocking CTCP will disable file sharing between users!
+Default: no.
+.TP
+\fBSyslogFacility\fR (string)
+Syslog "facility" to which ngIRCd should send log messages. Possible
+values are system dependent, but most probably "auth", "daemon", "user"
+and "local1" through "local7" are possible values; see syslog(3).
+Default is "local5" for historical reasons, you probably want to
+change this to "daemon", for example.
+.TP
+\fBWebircPassword\fR (string)
+Password required for using the WEBIRC command used by some Web-to-IRC
+gateways. If not set or empty, the WEBIRC command can't be used.
+Default: not set.
+.SH [SSL]
+All SSL-related configuration variables are located in the
+.I [SSL]
+section. Please note that this whole section is only recognized by ngIRCd
+when it is compiled with support for SSL using OpenSSL or GnuTLS!
+.TP
+\fBCertFile\fR (string)
+SSL Certificate file of the private server key.
+.TP
+\fBDHFile\fR (string)
+Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS
+"certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not
+present, it will be generated on startup when ngIRCd was compiled with GnuTLS
+support (this may take some time). If ngIRCd was compiled with OpenSSL, then
+(Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be
+available.
+.TP
+\fBKeyFile\fR (string)
+Filename of SSL Server Key to be used for SSL connections. This is required
+for SSL/TLS support.
+.TP
+\fBKeyFilePassword\fR (string)
+OpenSSL only: Password to decrypt the private key file.
+.TP
+\fBPorts\fR (list of numbers)
+Same as \fBPorts\fR , except that ngIRCd will expect incoming connections
+to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
+and 6697. Default: none.