When the "NoPAM" configuration option is set and ngIRCd is compiled
with support for PAM, ngIRCd will not call any PAM functions: all
connection attemps without password will succeed instead and all
connection attemps with password will fail.
If ngIRCd is compiled without PAM support, this option is a dummy
option and nothing changes: the global server password will still be
in effect.
# with support for it.
;NoIdent = no
# with support for it.
;NoIdent = no
+ # Don't use PAM, even if ngIRCd has been compiled with support for it.
+ ;NoPAM = no
+
# try to connect to other irc servers using ipv4 and ipv6, if possible
;ConnectIPv6 = yes
;ConnectIPv4 = yes
# try to connect to other irc servers using ipv4 and ipv6, if possible
;ConnectIPv6 = yes
;ConnectIPv4 = yes
lookups at run time.
Default: no.
.TP
lookups at run time.
Default: no.
.TP
+\fBNoPAM\fR
+If ngIRCd is compiled with PAM support this can be used to disable all calls
+to the PAM library at runtime; all users connecting without password are
+allowed to connect, all passwords given will fail.
+Default: no.
+.TP
\fBConnectIPv4\fR
Set this to no if you do not want ngIRCd to connect to other IRC servers using
IPv4. This allows usage of ngIRCd in IPv6-only setups.
\fBConnectIPv4\fR
Set this to no if you do not want ngIRCd to connect to other IRC servers using
IPv4. This allows usage of ngIRCd in IPv6-only setups.
printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
printf(" NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
printf(" NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
printf(" NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
printf(" NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
+ printf(" NoPAM = %s\n", yesno_to_str(Conf_NoPAM));
#ifdef WANT_IPV6
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
#ifdef WANT_IPV6
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
Conf_ConnectRetry = 60;
Conf_NoDNS = false;
Conf_NoIdent = false;
Conf_ConnectRetry = 60;
Conf_NoDNS = false;
Conf_NoIdent = false;
Conf_Oper_Count = 0;
Conf_Channel_Count = 0;
Conf_Oper_Count = 0;
Conf_Channel_Count = 0;
+ if(strcasecmp(Var, "NoPAM") == 0) {
+ /* don't use PAM library to authenticate users */
+ Conf_NoPAM = Check_ArgIsTrue(Arg);
+ return;
+ }
#ifdef WANT_IPV6
/* the default setting for all the WANT_IPV6 special options is 'true' */
if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {
#ifdef WANT_IPV6
/* the default setting for all the WANT_IPV6 special options is 'true' */
if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {
/* Disable IDENT lookups, even when compiled with support for it */
GLOBAL bool Conf_NoIdent;
/* Disable IDENT lookups, even when compiled with support for it */
GLOBAL bool Conf_NoIdent;
+/* Disable all usage of PAM, even when compiled with support for it */
+GLOBAL bool Conf_NoPAM;
+
/*
* try to connect to remote systems using the ipv6 protocol,
* if they have an ipv6 address? (default yes)
/*
* try to connect to remote systems using the ipv6 protocol,
* if they have an ipv6 address? (default yes)
/* Sub process */
signal(SIGTERM, Proc_GenericSignalHandler);
Log_Init_Subprocess("Auth");
/* Sub process */
signal(SIGTERM, Proc_GenericSignalHandler);
Log_Init_Subprocess("Auth");
- result = PAM_Authenticate(Client);
+ if (Conf_NoPAM) {
+ result = (Client_Password(Client)[0] == '\0');
+ } else
+ result = PAM_Authenticate(Client);
write(pipefd[1], &result, sizeof(result));
Log_Exit_Subprocess("Auth");
exit(0);
write(pipefd[1], &result, sizeof(result));
Log_Exit_Subprocess("Auth");
exit(0);