From 4d2afdd74496baa4cb178748318c4302d799b21e Mon Sep 17 00:00:00 2001 From: danieldg Date: Thu, 4 Feb 2010 14:36:16 +0000 Subject: [PATCH] Clarify fingerprint comments in example oper block git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12373 e03df62e-2008-0410-955e-edbf42e46eb7 --- conf/opers.conf.example | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/conf/opers.conf.example b/conf/opers.conf.example index 2b75fa808..0d1e6cd49 100644 --- a/conf/opers.conf.example +++ b/conf/opers.conf.example @@ -90,25 +90,25 @@ # host: What hostnames/IP's are allowed to oper up with this oline. # Multiple options can be separated by spaces and CIDR's are allowed. - # You CAN use just * or *@* for this section, but it is not recommended - # for security reasons. + # You CAN use just * or *@* for this section, but it is not recommended + # for security reasons. host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # ** ADVANCED ** This option is disabled by default. # fingerprint: When using the m_sslinfo module, you may specify - # a key fingerprint here. This can be obtained by using the - # /fingerprint command while the module is loaded. This enhances - # security by verifying that the person opering up has the matching - # key/certificate combination. This enhances security a great deal. - # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded, - # this option will be ignored. - #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" + # a key fingerprint here. This can be obtained by using the /sslinfo + # command while the module is loaded, and is also noticed on connect. + # This enhances security by verifying that the person opering up has + # a matching SSL client certificate, which is very difficult to + # forge (impossible unless preimage attacks on the hash exist). + # If m_sslinfo isn't loaded, this option will be ignored. + #fingerprint="67cb9dc013248a829bb2171ed11becd4" # sslonly: This oper can only oper up if they're using a SSL connection. - # Setting this option adds a decent bit of security. Highly recommended if - # the oper is on wifi or specifically, unsecured wifi. - # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl - # are loaded. + # Setting this option adds a decent bit of security. Highly recommended + # if the oper is on wifi, or specifically, unsecured wifi. Note that it + # is redundant to specify this option if you specify a fingerprint. + # This setting only takes effect if m_sslinfo is loaded. #sslonly="yes" # vhost: overrides the vhost in the type block. Class and modes may also @@ -124,7 +124,7 @@ name="Brain" password="s3cret" host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" - #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" + #fingerprint="67cb9dc013248a829bb2171ed11becd4" type="NetAdmin"> # oline with hashed password. It is highly recommended to use hashed passwords. @@ -147,8 +147,8 @@ # host: What hostnames/IP's are allowed to oper up with this oline. # Multiple options can be separated by spaces and CIDR's are allowed. - # You CAN use just * or *@* for this section, but it is not recommended - # for security reasons. + # You CAN use just * or *@* for this section, but it is not recommended + # for security reasons. host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # type: What oper type this oline is. See the block above for list -- 2.39.5