summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-03 22:33:48 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-03 22:33:48 +0000
commit09d557c6e00b9f0e5ce6b1638c0c4986f8989f27 (patch)
tree8a3a22e4702fa61dacfabaab27214fe37f9f7943 /docs
parent34aa7e664a810aa6bfb2c032e7b3ed4f780cdae2 (diff)
Document <oper:fingerprint>
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5136 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'docs')
-rw-r--r--docs/inspircd.conf.example43
1 files changed, 29 insertions, 14 deletions
diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example
index ca65b9c90..fc383580d 100644
--- a/docs/inspircd.conf.example
+++ b/docs/inspircd.conf.example
@@ -295,28 +295,43 @@
# Opers are defined here. This is a very important section. #
# Remember to only make operators out of truthworthy people. #
# #
-# name - oper name, best to use lower-case #
-# #
-# password - password to oper-up, #
-# encryption not supported by inspircd. However, there #
-# are modules that allow for oper password encryption. #
-# #
-# host - host of client allowed to oper-up. #
-# wildcards accepted, seperate multiple hosts with space #
-# You may also specify CIDR ip addresses. #
-# #
-# type - specified above, defines the kind of operator #
+# name - oper name, best to use lower-case #
+# #
+# password - password to oper-up, #
+# encryption not supported by inspircd. However, there #
+# are modules that allow for oper password encryption. #
+# #
+# host - host of client allowed to oper-up. #
+# wildcards accepted, seperate multiple hosts with a #
+# space. You may also specify CIDR ip addresses. #
+# #
+# fingerprint - When using the m_ssl_oper_cert.so module, you may #
+# specify a key fingerprint here. This can be obtained #
+# using the /fingerprint command whilst the module is #
+# loaded, and will lock this oper block to only the #
+# user who has that specific key/certificate pair. #
+# This enhances security a great deal, however it #
+# requires that opers use clients which can send ssl #
+# client certificates, if this is configured for that #
+# oper. Note that if the m_ssl_oper.so module is not #
+# loaded, and/or one of m_ssl_openssl or m_ssl_gnutls #
+# is not loaded, this configuration option has no #
+# effect and will be ignored. #
+# #
+# type - specified above, defines the kind of operator #
# #
# Syntax is as follows: #
# <oper name="login" #
# password="pass" #
# host="hostmask@of.oper" #
+# fingerprint="hexsequence" #
# type="oper type"> #
# #
<oper name="katsklaw"
password="s3cret"
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
+ fingerprint="a41d730937a53b79f788c0ab13e9e1d5"
type="NetAdmin">
@@ -1246,9 +1261,9 @@
# SSL Cert Oper module: Allows opers to oper up using the key fingerprint
# stored within their SSL certificate and key pair.
# When using this module, one of m_ssl_gnutls.so or m_ssl_openssl.so must
-# be loaded. Any value may be placed in the password field of the OPER
-# command if your oper tag is fingerprint enabled. You must symlink the
-# source for this module from the directory src/modules/extra.
+# be loaded. An extra value should be added to enabled opers, which
+# is in the following format: fingerprint="<hash>". For more information,
+# see the example in the oper blocks.
#<module name="m_ssl_oper_cert.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#