X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=man%2Fngircd.conf.5.tmpl;h=aff11a67bf86ec6c79d0daae9cfadeff345662f2;hp=41cc08ef35bac0694e4ccf90cb6ff1c57f0b45fc;hb=107bfdc821cfb179996e1186cff0ec4970ef4fbd;hpb=9dfde13f0cd6f960565ea2da5734e5b91b497e7a diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 41cc08ef..aff11a67 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -1,7 +1,7 @@ .\" .\" ngircd.conf(5) manual page template .\" -.TH ngircd.conf 5 "Jun 2011" ngircd "ngIRCd Manual" +.TH ngircd.conf 5 "Mar 2012" ngircd "ngIRCd Manual" .SH NAME ngircd.conf \- configuration file of ngIRCd .SH SYNOPSIS @@ -52,8 +52,8 @@ for numbers all decimal integer values are valid. In addition, some string or numerical variables accept lists of values, separated by commas (","). .SH "SECTION OVERVIEW" -The file can contain blocks of four types: [Global], [Limits], [Options], -[Operator], [Server], and [Channel]. +The file can contain blocks of seven types: [Global], [Limits], [Options], +[SSL], [Operator], [Server], and [Channel]. .PP The main configuration of the server is stored in the .I [Global] @@ -68,8 +68,10 @@ block are used to tweak different limits and timeouts of the daemon, like the maximum number of clients allowed to connect to this server. Variables in the .I [Options] section can be used to enable or disable specific features of ngIRCd, like -support for IDENT, PAM, IPv6, SSL, and protocol and cloaking features. These -two sections are both optional. +support for IDENT, PAM, IPv6, and protocol and cloaking features. The +.I [SSL] +block contains all SSL-related configuration variables. These three sections +are all optional. .PP IRC operators of this server are defined in .I [Operator] 
@@ -81,7 +83,7 @@ blocks are used to configure pre-defined ("persistent") IRC channels. .PP There can be more than one [Operator], [Server] and [Channel] section per configuration file (one for each operator, server, and channel), but only -exactly one [Global], one [Limits], and one [Options] section. +exactly one [Global], one [Limits], one [Options], and one [SSL] section. .SH [GLOBAL] The .I [Global] @@ -126,13 +128,12 @@ if ngIRCd is using PAM! \fBPidFile\fR (string) This tells ngIRCd to write its current process ID to a file. Note that the pidfile is written AFTER chroot and switching the user ID, e.g. the directory -the pidfile resides in must be writeable by the ngIRCd user and exist in the +the pidfile resides in must be writable by the ngIRCd user and exist in the chroot directory (if configured, see above). .TP \fBPorts\fR (list of numbers) -Ports on which the server should listen. There may be more than one port, -separated with commas (","). Default: 6667, unless \fBSSL_Ports\fR are also -specified. +Ports on which the server should listen for unencrypted connections. There +may be more than one port, separated with commas (","). Default: 6667. .TP \fBServerGID\fR (string or number) Group ID under which the ngIRCd should run; you can use the name of the @@ -190,7 +191,7 @@ If a client fails to answer a PING with a PONG within seconds, it will be disconnected by the server. Default: 20. .SH [OPTIONS] Optional features and configuration options to further tweak the behavior of -ngIRCd. If you wan't to get started quickly, you most probably don't have to +ngIRCd. If you want to get started quickly, you most probably don't have to make changes here -- they are all optional. .TP \fBAllowRemoteOper\fR (boolean) 
@@ -211,13 +212,16 @@ For this to work the server must have been started with root privileges! .TP \fBCloakHost\fR (string) Set this hostname for every client instead of the real one. Default: empty, -don't change. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +don't change. Use %x to add the hashed value of the original hostname. +.TP +\fBCloakHostModeX\fR (string) +Use this hostname for hostname cloaking on clients that have the user mode +"+x" set, instead of the name of the server. Default: empty, use the name +of the server. Use %x to add the hashed value of the original hostname +.TP +\fBCloakHostSalt\fR (string) +The Salt for cloaked hostname hashing. When undefined a random hash is +generated after each server start. .TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied @@ -242,8 +246,19 @@ Default: yes. \fBIdent\fR (boolean) If ngIRCd is compiled with IDENT support this can be used to disable IDENT lookups at run time. +Users identified using IDENT are registered without the "~" character +prepended to their user name. Default: yes. .TP +\fBMorePrivacy\fR (boolean) +This will cause ngIRCd to censor user idle time, logon time as well as the +part/quit messages (that are sometimes used to inform everyone about which +client software is being used). WHOWAS requests are also silently ignored. +This option is most useful when ngIRCd is being used together with +anonymizing software such as TOR or I2P and one does not wish to make it +too easy to collect statistics on the users. +Default: no. +.TP \fBNoticeAuth\fR (boolean) Normally ngIRCd doesn't send any messages to a client until it is registered. Enable this option to let the daemon send "NOTICE AUTH" messages to clients 
@@ -263,8 +278,23 @@ only enable it if you have ircd-irc2 servers in your IRC network. If ngIRCd is compiled with PAM support this can be used to disable all calls to the PAM library at runtime; all users connecting without password are allowed to connect, all passwords given will fail. +Users identified using PAM are registered without the "~" character +prepended to their user name. Default: yes. .TP +\fBPAMIsOptional\fR (boolean) +When PAM is enabled, all clients are required to be authenticated using PAM; +connecting to the server without successful PAM authentication isn't possible. +If this option is set, clients not sending a password are still allowed to +connect: they won't become "identified" and keep the "~" character prepended +to their supplied user name. +Please note: +To make some use of this behavior, it most probably isn't useful to enable +"Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be +able to distinguish between Ident'ified and PAM-authenticated users: both +don't have a "~" character prepended to their respective user names! +Default: no. +.TP \fBPredefChannelsOnly\fR (boolean) If enabled, no new channels can be created. Useful if you do not want to have other channels than those defined in [Channel] sections in the configuration 
@@ -276,10 +306,37 @@ Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. Default: no. .TP -\fBSSLCertFile\fR (string) +\fBScrubCTCP\fR (boolean) +If set to true, ngIRCd will silently drop all CTCP requests sent to it from +both clients and servers. It will also not forward CTCP requests to any +other servers. CTCP requests can be used to query user clients about which +software they are using and which versions said software is. CTCP can also be +used to reveal clients IP numbers. ACTION CTCP requests are not blocked, +this means that /me commands will not be dropped, but please note that +blocking CTCP will disable file sharing between users! +Default: no. +.TP +\fBSyslogFacility\fR (string) +Syslog "facility" to which ngIRCd should send log messages. Possible +values are system dependent, but most probably "auth", "daemon", "user" +and "local1" through "local7" are possible values; see syslog(3). +Default is "local5" for historical reasons, you probably want to +change this to "daemon", for example. +.TP +\fBWebircPassword\fR (string) +Password required for using the WEBIRC command used by some Web-to-IRC +gateways. If not set or empty, the WEBIRC command can't be used. +Default: not set. +.SH [SSL] +All SSL-related configuration variables are located in the +.I [SSL] +section. Please note that this whole section is only recognized by ngIRCd +when it is compiled with support for SSL using OpenSSL or GnuTLS! +.TP +\fBCertFile\fR (string) SSL Certificate file of the private server key. .TP -\fBSSLDHFile\fR (string) +\fBDHFile\fR (string) Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS "certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not present, it will be generated on startup when ngIRCd was compiled with GnuTLS 
@@ -287,29 +344,17 @@ support (this may take some time). If ngIRCd was compiled with OpenSSL, then (Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be available. .TP -\fBSSLKeyFile\fR (string) +\fBKeyFile\fR (string) Filename of SSL Server Key to be used for SSL connections. This is required for SSL/TLS support. .TP -\fBSSLKeyFilePassword\fR (string) +\fBKeyFilePassword\fR (string) OpenSSL only: Password to decrypt the private key file. .TP -\fBSSLPorts\fR (list of numbers) +\fBPorts\fR (list of numbers) Same as \fBPorts\fR , except that ngIRCd will expect incoming connections to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669 and 6697. Default: none. -.TP -\fBSyslogFacility\fR (string) -Syslog "facility" to which ngIRCd should send log messages. Possible -values are system dependent, but most probably "auth", "daemon", "user" -and "local1" through "local7" are possible values; see syslog(3). -Default is "local5" for historical reasons, you probably want to -change this to "daemon", for example. -.TP -\fBWebircPassword\fR (string) -Password required for using the WEBIRC command used by some Web-to-IRC -gateways. If not set or empty, the WEBIRC command can't be used. -Default: not set. .SH [OPERATOR] .I [Operator] sections are used to define IRC Operators. There may be more than one 
@@ -377,14 +422,16 @@ You can use the IRC Operator command CONNECT later on to create the link. Connect to the remote server using TLS/SSL. Default: false. .TP \fBServiceMask\fR (string) -Define a (case insensitive) mask matching nick names that should be treated as -IRC services when introduced via this remote server. REGULAR SERVERS DON'T NEED -this parameter, so leave it empty (which is the default). +Define a (case insensitive) list of masks matching nick names that should be +treated as IRC services when introduced via this remote server, separated +by commas (","). REGULAR SERVERS DON'T NEED this parameter, so leave it empty +(which is the default). .PP .RS When you are connecting IRC services which mask as a IRC server and which use "virtual users" to communicate with, for example "NickServ" and "ChanServ", -you should set this parameter to something like "*Serv". +you should set this parameter to something like "*Serv", "*Serv,OtherNick", +or "NickServ,ChanServ,XyzServ". .SH [CHANNEL] Pre-defined channels can be configured in .I [Channel]
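
Review bot: In the [Global] Ports entry (hunk @@ -126,13 +128,12), the default changes from "6667, unless SSL_Ports are also specified" to an unconditional "Default: 6667", and nothing says how to run the server without an unencrypted listener. As worded, an operator who sets only Ports in [SSL] still gets a plaintext listener on 6667. Please state explicitly whether that is the behaviour, and document how to turn unencrypted listening off for a TLS-only setup.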
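
Review bot: In the CloakHostSalt entry (hunk @@ -211,13 +212,16), "a random hash is generated after each server start" should read "a random salt", and the entry should spell out the consequence: without a configured salt, the value that %x expands to differs after every restart. The same hunk drops the note that "%" is reserved without saying how a "%" other than "%x" is treated in CloakHost and CloakHostModeX, and the CloakHostModeX paragraph is missing its final period.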
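
Review bot: In the MorePrivacy entry (hunk @@ -242,8 +246,19), "TOR" should be spelled "Tor". Since the stated goal is to make it harder to collect statistics on users, a short pointer to the related ScrubCTCP and CloakHost options documented elsewhere in this patch would help readers find the other settings that serve the same purpose.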
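
Review bot: In the PAMIsOptional entry (hunk @@ -263,8 +278,23), "Please note:" is plain running text, so in the rendered page it flows straight into the preceding sentence; the note removed from CloakHost in this same patch used ".PP", ".RS", ".B Please note:", ".br" and ".RE", and this one should follow that pattern. The note itself is hard to parse ("To make some use of this behavior, it most probably isn't useful to enable ..."); suggest saying directly that with "Ident", "PAM" and "PAMIsOptional" all enabled, a missing "~" no longer shows that a user was authenticated by PAM.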
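
Review bot: The new [SSL] section (hunk @@ -276,10 +306,37) renames SSLCertFile and SSLDHFile to CertFile and DHFile and moves them out of [Options], but the page gives no migration note. Please document whether the old SSL* names in [Options] are still accepted, and if not, whether they are rejected with an error or silently ignored, because a silently ignored KeyFile or Ports setting leaves a server without its TLS listener. Smaller points in the ScrubCTCP text: "If set to true" does not match the yes/no wording of the other booleans, and "clients IP numbers" should be "clients' IP addresses".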
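
Review bot: In hunk @@ -287,29 +344,17, renaming SSLPorts to Ports leaves the description reading "Same as \fBPorts\fR, except that ...", which now refers to the variable by its own name. It should say "Same as \fBPorts\fR in the [Global] section". For KeyFilePassword, which is now documented in its own section, it would be worth adding that the configuration file then contains the key passphrase in clear text and should not be readable by other users.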