summaryrefslogtreecommitdiff
path: root/conf/opers.conf.example
diff options
context:
space:
mode:
Diffstat (limited to 'conf/opers.conf.example')
-rw-r--r--conf/opers.conf.example32
1 files changed, 16 insertions, 16 deletions
diff --git a/conf/opers.conf.example b/conf/opers.conf.example
index 2b75fa808..0d1e6cd49 100644
--- a/conf/opers.conf.example
+++ b/conf/opers.conf.example
@@ -90,25 +90,25 @@
# host: What hostnames/IP's are allowed to oper up with this oline.
# Multiple options can be separated by spaces and CIDR's are allowed.
- # You CAN use just * or *@* for this section, but it is not recommended
- # for security reasons.
+ # You CAN use just * or *@* for this section, but it is not recommended
+ # for security reasons.
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
# ** ADVANCED ** This option is disabled by default.
# fingerprint: When using the m_sslinfo module, you may specify
- # a key fingerprint here. This can be obtained by using the
- # /fingerprint command while the module is loaded. This enhances
- # security by verifying that the person opering up has the matching
- # key/certificate combination. This enhances security a great deal.
- # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded,
- # this option will be ignored.
- #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
+ # a key fingerprint here. This can be obtained by using the /sslinfo
+ # command while the module is loaded, and is also noticed on connect.
+ # This enhances security by verifying that the person opering up has
+ # a matching SSL client certificate, which is very difficult to
+ # forge (impossible unless preimage attacks on the hash exist).
+ # If m_sslinfo isn't loaded, this option will be ignored.
+ #fingerprint="67cb9dc013248a829bb2171ed11becd4"
# sslonly: This oper can only oper up if they're using a SSL connection.
- # Setting this option adds a decent bit of security. Highly recommended if
- # the oper is on wifi or specifically, unsecured wifi.
- # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl
- # are loaded.
+ # Setting this option adds a decent bit of security. Highly recommended
+ # if the oper is on wifi, or specifically, unsecured wifi. Note that it
+ # is redundant to specify this option if you specify a fingerprint.
+ # This setting only takes effect if m_sslinfo is loaded.
#sslonly="yes"
# vhost: overrides the vhost in the type block. Class and modes may also
@@ -124,7 +124,7 @@
name="Brain"
password="s3cret"
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
- #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
+ #fingerprint="67cb9dc013248a829bb2171ed11becd4"
type="NetAdmin">
# oline with hashed password. It is highly recommended to use hashed passwords.
@@ -147,8 +147,8 @@
# host: What hostnames/IP's are allowed to oper up with this oline.
# Multiple options can be separated by spaces and CIDR's are allowed.
- # You CAN use just * or *@* for this section, but it is not recommended
- # for security reasons.
+ # You CAN use just * or *@* for this section, but it is not recommended
+ # for security reasons.
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
# type: What oper type this oline is. See the block above for list