X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=man%2Fngircd.conf.5.tmpl;h=85cf73ffb3083b1923f1470962fc8ce06f958757;hp=8198c92b12af5f00fd22a53de29d405deb285d02;hb=e9be3334d1f0a40e44aac7754d828a4ce28a94b7;hpb=b80e115f3947eae39aba39d1647f0a81f3d95fa3 diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 8198c92b..85cf73ff 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -1,7 +1,7 @@ .\" .\" ngircd.conf(5) manual page template .\" -.TH ngircd.conf 5 "Jun 2011" ngircd "ngIRCd Manual" +.TH ngircd.conf 5 "Mar 2012" ngircd "ngIRCd Manual" .SH NAME ngircd.conf \- configuration file of ngIRCd .SH SYNOPSIS @@ -52,8 +52,8 @@ for numbers all decimal integer values are valid. In addition, some string or numerical variables accept lists of values, separated by commas (","). .SH "SECTION OVERVIEW" -The file can contain blocks of four types: [Global], [Limits], [Options], -[Operator], [Server], and [Channel]. +The file can contain blocks of seven types: [Global], [Limits], [Options], +[SSL], [Operator], [Server], and [Channel]. .PP The main configuration of the server is stored in the .I [Global] @@ -68,8 +68,10 @@ block are used to tweak different limits and timeouts of the daemon, like the maximum number of clients allowed to connect to this server. Variables in the .I [Options] section can be used to enable or disable specific features of ngIRCd, like -support for IDENT, PAM, IPv6, SSL, and protocol and cloaking features. These -two sections are both optional. +support for IDENT, PAM, IPv6, and protocol and cloaking features. The +.I [SSL] +block contains all SSL-related configuration variables. These three sections +are all optional. .PP IRC operators of this server are defined in .I [Operator] @@ -81,7 +83,7 @@ blocks are used to configure pre-defined ("persistent") IRC channels. .PP There can be more than one [Operator], [Server] and [Channel] section per configuration file (one for each operator, server, and channel), but only -exactly one [Global], one [Limits], and one [Options] section. +exactly one [Global], one [Limits], one [Options], and one [SSL] section. .SH [GLOBAL] The .I [Global] @@ -126,13 +128,12 @@ if ngIRCd is using PAM! \fBPidFile\fR (string) This tells ngIRCd to write its current process ID to a file. Note that the pidfile is written AFTER chroot and switching the user ID, e.g. the directory -the pidfile resides in must be writeable by the ngIRCd user and exist in the +the pidfile resides in must be writable by the ngIRCd user and exist in the chroot directory (if configured, see above). .TP \fBPorts\fR (list of numbers) -Ports on which the server should listen. There may be more than one port, -separated with commas (","). Default: 6667, unless \fBSSL_Ports\fR are also -specified. +Ports on which the server should listen for unencrypted connections. There +may be more than one port, separated with commas (","). Default: 6667. .TP \fBServerGID\fR (string or number) Group ID under which the ngIRCd should run; you can use the name of the @@ -190,7 +191,7 @@ If a client fails to answer a PING with a PONG within seconds, it will be disconnected by the server. Default: 20. .SH [OPTIONS] Optional features and configuration options to further tweak the behavior of -ngIRCd. If you wan't to get started quickly, you most probably don't have to +ngIRCd. If you want to get started quickly, you most probably don't have to make changes here -- they are all optional. .TP \fBAllowRemoteOper\fR (boolean) @@ -242,6 +243,8 @@ Default: yes. \fBIdent\fR (boolean) If ngIRCd is compiled with IDENT support this can be used to disable IDENT lookups at run time. +Users identified using IDENT are registered without the "~" character +prepended to their user name. Default: yes. .TP \fBMorePrivacy\fR (boolean) @@ -272,8 +275,23 @@ only enable it if you have ircd-irc2 servers in your IRC network. If ngIRCd is compiled with PAM support this can be used to disable all calls to the PAM library at runtime; all users connecting without password are allowed to connect, all passwords given will fail. +Users identified using PAM are registered without the "~" character +prepended to their user name. Default: yes. .TP +\fBPAMIsOptional\fR (boolean) +When PAM is enabled, all clients are required to be authenticated using PAM; +connecting to the server without successful PAM authentication isn't possible. +If this option is set, clients not sending a password are still allowed to +connect: they won't become "identified" and keep the "~" character prepended +to their supplied user name. +Please note: +To make some use of this behavior, it most probably isn't useful to enable +"Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be +able to distinguish between Ident'ified and PAM-authenticated users: both +don't have a "~" character prepended to their respective user names! +Default: no. +.TP \fBPredefChannelsOnly\fR (boolean) If enabled, no new channels can be created. Useful if you do not want to have other channels than those defined in [Channel] sections in the configuration @@ -285,10 +303,37 @@ Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. Default: no. .TP -\fBSSLCertFile\fR (string) +\fBScrubCTCP\fR (boolean) +If set to true, ngIRCd will silently drop all CTCP requests sent to it from +both clients and servers. It will also not forward CTCP requests to any +other servers. CTCP requests can be used to query user clients about which +software they are using and which versions said software is. CTCP can also be +used to reveal clients IP numbers. ACTION CTCP requests are not blocked, +this means that /me commands will not be dropped, but please note that +blocking CTCP will disable file sharing between users! +Default: no. +.TP +\fBSyslogFacility\fR (string) +Syslog "facility" to which ngIRCd should send log messages. Possible +values are system dependent, but most probably "auth", "daemon", "user" +and "local1" through "local7" are possible values; see syslog(3). +Default is "local5" for historical reasons, you probably want to +change this to "daemon", for example. +.TP +\fBWebircPassword\fR (string) +Password required for using the WEBIRC command used by some Web-to-IRC +gateways. If not set or empty, the WEBIRC command can't be used. +Default: not set. +.SH [SSL] +All SSL-related configuration variables are located in the +.I [SSL] +section. Please note that this whole section is only recognized by ngIRCd +when it is compiled with support for SSL using OpenSSL or GnuTLS! +.TP +\fBCertFile\fR (string) SSL Certificate file of the private server key. .TP -\fBSSLDHFile\fR (string) +\fBDHFile\fR (string) Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS "certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not present, it will be generated on startup when ngIRCd was compiled with GnuTLS @@ -296,29 +341,17 @@ support (this may take some time). If ngIRCd was compiled with OpenSSL, then (Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be available. .TP -\fBSSLKeyFile\fR (string) +\fBKeyFile\fR (string) Filename of SSL Server Key to be used for SSL connections. This is required for SSL/TLS support. .TP -\fBSSLKeyFilePassword\fR (string) +\fBKeyFilePassword\fR (string) OpenSSL only: Password to decrypt the private key file. .TP -\fBSSLPorts\fR (list of numbers) +\fBPorts\fR (list of numbers) Same as \fBPorts\fR , except that ngIRCd will expect incoming connections to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669 and 6697. Default: none. -.TP -\fBSyslogFacility\fR (string) -Syslog "facility" to which ngIRCd should send log messages. Possible -values are system dependent, but most probably "auth", "daemon", "user" -and "local1" through "local7" are possible values; see syslog(3). -Default is "local5" for historical reasons, you probably want to -change this to "daemon", for example. -.TP -\fBWebircPassword\fR (string) -Password required for using the WEBIRC command used by some Web-to-IRC -gateways. If not set or empty, the WEBIRC command can't be used. -Default: not set. .SH [OPERATOR] .I [Operator] sections are used to define IRC Operators. There may be more than one @@ -334,10 +367,6 @@ Password of the IRC operator. \fBMask\fR (string) Mask that is to be checked before an /OPER for this account is accepted. Example: nick!ident@*.example.com -.SH [FEATURES] -An optional section that can be used to disable features at -run-time. A feature is enabled by default if if ngircd was built with -support for it. .SH [SERVER] Other servers are configured in .I [Server]