.\"
.\" ngircd.conf(5) manual page template
.\"
-.TH ngircd.conf 5 "Jun 2011" ngircd "ngIRCd Manual"
+.TH ngircd.conf 5 "Mar 2012" ngircd "ngIRCd Manual"
.SH NAME
ngircd.conf \- configuration file of ngIRCd
.SH SYNOPSIS
\fBPidFile\fR (string)
This tells ngIRCd to write its current process ID to a file. Note that the
pidfile is written AFTER chroot and switching the user ID, e.g. the directory
-the pidfile resides in must be writeable by the ngIRCd user and exist in the
+the pidfile resides in must be writable by the ngIRCd user and exist in the
chroot directory (if configured, see above).
.TP
\fBPorts\fR (list of numbers)
-Ports on which the server should listen. There may be more than one port,
-separated with commas (","). Default: 6667, unless \fBSSL_Ports\fR are also
-specified.
+Ports on which the server should listen for unencrypted connections. There
+may be more than one port, separated with commas (","). Default: 6667.
.TP
\fBServerGID\fR (string or number)
Group ID under which the ngIRCd should run; you can use the name of the
seconds, it will be disconnected by the server. Default: 20.
.SH [OPTIONS]
Optional features and configuration options to further tweak the behavior of
-ngIRCd. If you wan't to get started quickly, you most probably don't have to
+ngIRCd. If you want to get started quickly, you most probably don't have to
make changes here -- they are all optional.
.TP
\fBAllowRemoteOper\fR (boolean)
.TP
\fBCloakHost\fR (string)
Set this hostname for every client instead of the real one. Default: empty,
-don't change.
-.PP
-.RS
-.B Please note:
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
+don't change. Use %x to add the hashed value of the original hostname.
+.TP
+\fBCloakHostModeX\fR (string)
+Use this hostname for hostname cloaking on clients that have the user mode
+"+x" set, instead of the name of the server. Default: empty, use the name
+of the server. Use %x to add the hashed value of the original hostname
+.TP
+\fBCloakHostSalt\fR (string)
+The Salt for cloaked hostname hashing. When undefined a random hash is
+generated after each server start.
.TP
\fBCloakUserToNick\fR (boolean)
Set every clients' user name to their nick name and hide the one supplied
\fBIdent\fR (boolean)
If ngIRCd is compiled with IDENT support this can be used to disable IDENT
lookups at run time.
+Users identified using IDENT are registered without the "~" character
+prepended to their user name.
Default: yes.
.TP
\fBMorePrivacy\fR (boolean)
Should IRC Operators be allowed to use the MODE command even if they are
not(!) channel-operators? Default: no.
.TP
+\fBOperChanPAutoOp\fR (boolean)
+Should IRC Operators get AutoOp (+o) in persistent (+P) channels?
+Default: yes.
+.TP
\fBOperServerMode\fR (boolean)
If \fBOperCanUseMode\fR is enabled, this may lead the compatibility problems
with Servers that run the ircd-irc2 Software. This Option "masks" mode
If ngIRCd is compiled with PAM support this can be used to disable all calls
to the PAM library at runtime; all users connecting without password are
allowed to connect, all passwords given will fail.
+Users identified using PAM are registered without the "~" character
+prepended to their user name.
Default: yes.
.TP
+\fBPAMIsOptional\fR (boolean)
+When PAM is enabled, all clients are required to be authenticated using PAM;
+connecting to the server without successful PAM authentication isn't possible.
+If this option is set, clients not sending a password are still allowed to
+connect: they won't become "identified" and keep the "~" character prepended
+to their supplied user name.
+Please note:
+To make some use of this behavior, it most probably isn't useful to enable
+"Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be
+able to distinguish between Ident'ified and PAM-authenticated users: both
+don't have a "~" character prepended to their respective user names!
+Default: no.
+.TP
\fBPredefChannelsOnly\fR (boolean)
If enabled, no new channels can be created. Useful if you do not want to have
other channels than those defined in [Channel] sections in the configuration
If set to true, ngIRCd will silently drop all CTCP requests sent to it from
both clients and servers. It will also not forward CTCP requests to any
other servers. CTCP requests can be used to query user clients about which
-software they are using and which versions said softare is. CTCP can also be
+software they are using and which versions said software is. CTCP can also be
used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
this means that /me commands will not be dropped, but please note that
blocking CTCP will disable file sharing between users!
section. Please note that this whole section is only recognized by ngIRCd
when it is compiled with support for SSL using OpenSSL or GnuTLS!
.TP
-\fBSSLCertFile\fR (string)
+\fBCertFile\fR (string)
SSL Certificate file of the private server key.
.TP
-\fBSSLDHFile\fR (string)
+\fBDHFile\fR (string)
Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS
"certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not
present, it will be generated on startup when ngIRCd was compiled with GnuTLS
(Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be
available.
.TP
-\fBSSLKeyFile\fR (string)
+\fBKeyFile\fR (string)
Filename of SSL Server Key to be used for SSL connections. This is required
for SSL/TLS support.
.TP
-\fBSSLKeyFilePassword\fR (string)
+\fBKeyFilePassword\fR (string)
OpenSSL only: Password to decrypt the private key file.
.TP
-\fBSSLPorts\fR (list of numbers)
+\fBPorts\fR (list of numbers)
Same as \fBPorts\fR , except that ngIRCd will expect incoming connections
to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
and 6697. Default: none.
Connect to the remote server using TLS/SSL. Default: false.
.TP
\fBServiceMask\fR (string)
-Define a (case insensitive) mask matching nick names that should be treated as
-IRC services when introduced via this remote server. REGULAR SERVERS DON'T NEED
-this parameter, so leave it empty (which is the default).
+Define a (case insensitive) list of masks matching nick names that should be
+treated as IRC services when introduced via this remote server, separated
+by commas (","). REGULAR SERVERS DON'T NEED this parameter, so leave it empty
+(which is the default).
.PP
.RS
When you are connecting IRC services which mask as a IRC server and which use
"virtual users" to communicate with, for example "NickServ" and "ChanServ",
-you should set this parameter to something like "*Serv".
+you should set this parameter to something like "*Serv", "*Serv,OtherNick",
+or "NickServ,ChanServ,XyzServ".
.SH [CHANNEL]
Pre-defined channels can be configured in
.I [Channel]