.\"
.\" ngircd.conf(5) manual page template
.\"
-.TH ngircd.conf 5 "Jun 2011" ngircd "ngIRCd Manual"
+.TH ngircd.conf 5 "Mar 2012" ngircd "ngIRCd Manual"
.SH NAME
ngircd.conf \- configuration file of ngIRCd
.SH SYNOPSIS
\fBPidFile\fR (string)
This tells ngIRCd to write its current process ID to a file. Note that the
pidfile is written AFTER chroot and switching the user ID, e.g. the directory
-the pidfile resides in must be writeable by the ngIRCd user and exist in the
+the pidfile resides in must be writable by the ngIRCd user and exist in the
chroot directory (if configured, see above).
.TP
\fBPorts\fR (list of numbers)
-Ports on which the server should listen. There may be more than one port,
-separated with commas (","). Default: 6667, unless \fBSSL_Ports\fR are also
-specified.
+Ports on which the server should listen for unencrypted connections. There
+may be more than one port, separated with commas (","). Default: 6667.
.TP
\fBServerGID\fR (string or number)
Group ID under which the ngIRCd should run; you can use the name of the
seconds, it will be disconnected by the server. Default: 20.
.SH [OPTIONS]
Optional features and configuration options to further tweak the behavior of
-ngIRCd. If you wan't to get started quickly, you most probably don't have to
+ngIRCd. If you want to get started quickly, you most probably don't have to
make changes here -- they are all optional.
.TP
\fBAllowRemoteOper\fR (boolean)
Don't use the percentage sign ("%"), it is reserved for future extensions!
.RE
.TP
+\fBCloakHostModeX\fR (string)
+Use this hostname for hostname cloaking on clients that have the user mode
+"+x" set, instead of the name of the server. Default: empty, use the name
+of the server.
+.PP
+.RS
+.B Please note:
+.br
+Don't use the percentage sign ("%"), it is reserved for future extensions!
+.RE
+.TP
\fBCloakUserToNick\fR (boolean)
Set every clients' user name to their nick name and hide the one supplied
by the IRC client. Default: no.
\fBIdent\fR (boolean)
If ngIRCd is compiled with IDENT support this can be used to disable IDENT
lookups at run time.
+Users identified using IDENT are registered without the "~" character
+prepended to their user name.
Default: yes.
.TP
+\fBMorePrivacy\fR (boolean)
+This will cause ngIRCd to censor user idle time, logon time as well as the
+part/quit messages (that are sometimes used to inform everyone about which
+client software is being used). WHOWAS requests are also silently ignored.
+This option is most useful when ngIRCd is being used together with
+anonymizing software such as TOR or I2P and one does not wish to make it
+too easy to collect statistics on the users.
+Default: no.
+.TP
\fBNoticeAuth\fR (boolean)
Normally ngIRCd doesn't send any messages to a client until it is registered.
Enable this option to let the daemon send "NOTICE AUTH" messages to clients
If ngIRCd is compiled with PAM support this can be used to disable all calls
to the PAM library at runtime; all users connecting without password are
allowed to connect, all passwords given will fail.
+Users identified using PAM are registered without the "~" character
+prepended to their user name.
Default: yes.
.TP
+\fBPAMIsOptional\fR (boolean)
+When PAM is enabled, all clients are required to be authenticated using PAM;
+connecting to the server without successful PAM authentication isn't possible.
+If this option is set, clients not sending a password are still allowed to
+connect: they won't become "identified" and keep the "~" character prepended
+to their supplied user name.
+Please note:
+To make some use of this behavior, it most probably isn't useful to enable
+"Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be
+able to distinguish between Ident'ified and PAM-authenticated users: both
+don't have a "~" character prepended to their respective user names!
+Default: no.
+.TP
\fBPredefChannelsOnly\fR (boolean)
If enabled, no new channels can be created. Useful if you do not want to have
other channels than those defined in [Channel] sections in the configuration
register this client only after receiving the corresponding "PONG" reply.
Default: no.
.TP
+\fBScrubCTCP\fR (boolean)
+If set to true, ngIRCd will silently drop all CTCP requests sent to it from
+both clients and servers. It will also not forward CTCP requests to any
+other servers. CTCP requests can be used to query user clients about which
+software they are using and which versions said software is. CTCP can also be
+used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
+this means that /me commands will not be dropped, but please note that
+blocking CTCP will disable file sharing between users!
+Default: no.
+.TP
\fBSyslogFacility\fR (string)
Syslog "facility" to which ngIRCd should send log messages. Possible
values are system dependent, but most probably "auth", "daemon", "user"
section. Please note that this whole section is only recognized by ngIRCd
when it is compiled with support for SSL using OpenSSL or GnuTLS!
.TP
-\fBSSLCertFile\fR (string)
+\fBCertFile\fR (string)
SSL Certificate file of the private server key.
.TP
-\fBSSLDHFile\fR (string)
+\fBDHFile\fR (string)
Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS
"certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not
present, it will be generated on startup when ngIRCd was compiled with GnuTLS
(Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be
available.
.TP
-\fBSSLKeyFile\fR (string)
+\fBKeyFile\fR (string)
Filename of SSL Server Key to be used for SSL connections. This is required
for SSL/TLS support.
.TP
-\fBSSLKeyFilePassword\fR (string)
+\fBKeyFilePassword\fR (string)
OpenSSL only: Password to decrypt the private key file.
.TP
-\fBSSLPorts\fR (list of numbers)
+\fBPorts\fR (list of numbers)
Same as \fBPorts\fR , except that ngIRCd will expect incoming connections
to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
and 6697. Default: none.
projects / ngircd-alex.git / blobdiff