From 5025e36bead1412946ff0a3f40699ceac7506a4b Mon Sep 17 00:00:00 2001 From: danieldg Date: Thu, 2 Jul 2009 19:58:43 +0000 Subject: Updates to example configuration [by jdhore] git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11432 e03df62e-2008-0410-955e-edbf42e46eb7 --- conf/aliases/atheme.conf.example | 2 ++ conf/modules.conf.example | 23 ++++++++++++----------- conf/opers.conf.example | 11 +++++++++-- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/conf/aliases/atheme.conf.example b/conf/aliases/atheme.conf.example index 04b324ea0..7a0bc015a 100644 --- a/conf/aliases/atheme.conf.example +++ b/conf/aliases/atheme.conf.example @@ -5,6 +5,7 @@ + # Shorthand aliases for nickserv, chanserv, operserv, memoserv @@ -14,6 +15,7 @@ + # /id [channel] diff --git a/conf/modules.conf.example b/conf/modules.conf.example index a24db40db..2401f1311 100644 --- a/conf/modules.conf.example +++ b/conf/modules.conf.example @@ -151,9 +151,15 @@ # # # +# +# +# # # # +# +# +# # # An example of using the format value to create an alias with two # different behaviours depending on the format of the parameters. @@ -1509,13 +1515,6 @@ # does not do anything useful without a working SSL module (see below) # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Dummy ssl module: If you have other servers on your network which -# have SSL, but your server does not have ssl enabled, you should load -# this module, which will handle SSL metadata (e.g. the "Is using ssl" -# field in the WHOIS information). -# - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # GnuTLS ssl module: Adds support for client-server SSL using GnuTLS, # if enabled. You must copy the source for this module from the directory @@ -1536,10 +1535,12 @@ # SSL Info module: Allows users to retrieve information about other # user's peer SSL certificates and keys. This can be used by client # scripts to validate users. For this to work, one of m_ssl_gnutls.so -# or m_ssl_openssl.so must be loaded. You must symlink the source for -# this module from the directory src/modules/extra. -# This modules is in extras. Re-run configure with: ./configure --enable-extras=m_sslinfo.cpp -# and run make install, then uncomment this module to enable it. +# or m_ssl_openssl.so must be loaded. This module also adds the +# "* is using a secure connection" whois line, the ability for +# opers to use SSL fingerprints to verify their identity and the ability +# to force opers to use SSL connections in order to oper up. +# It is highly recommended to load this module especially if +# you use SSL on your network. # # diff --git a/conf/opers.conf.example b/conf/opers.conf.example index 407cd71c5..bf91d94e3 100644 --- a/conf/opers.conf.example +++ b/conf/opers.conf.example @@ -93,15 +93,22 @@ host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # ** ADVANCED ** This option is disabled by default. - # fingerprint: When using the m_oper_ssl_cert module, you may specify + # fingerprint: When using the m_sslinfo module, you may specify # a key fingerprint here. This can be obtained by using the # /fingerprint command while the module is loaded. This enhances # security by verifying that the person opering up has the matching # key/certificate combination. This enhances security a great deal. - # If m_oper_ssl and m_ssl_gnutls/m_ssl_openssl aren't loaded, + # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded, # this option will be ignored. #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" + # sslonly: This oper can only oper up if they're using a SSL connection. + # Setting this option adds a decent bit of security. Highly recommended if + # the oper is on wifi or specifically, unsecured wifi. + # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl + # are loaded. + #sslonly="yes" + # type: What oper type this oline is. See the block above for list # of types. NOTE: This is case-sensitive as well. type="NetAdmin"> -- cgit v1.2.3