summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar danieldg2010-02-04 19:53:39 +0000
committerGravatar danieldg2010-02-04 19:53:39 +0000
commitb9db10d3bef1ebc5cc226fe6ac219225b220a20c (patch)
tree9638e5d860351f000c6e8a9f649d3011393b1867
parentFix clone counting bugs in IDENT and PASS based CGI:IRC clients (diff)
Clarify fingerprint comments in example oper block
git-svn-id: http://svn.inspircd.org/repository/branches/1_2_stable@12374 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--conf/opers.conf.example32
1 files changed, 16 insertions, 16 deletions
diff --git a/conf/opers.conf.example b/conf/opers.conf.example
index d0953d320..9715db561 100644
--- a/conf/opers.conf.example
+++ b/conf/opers.conf.example
@@ -90,25 +90,25 @@
# host: What hostnames/IP's are allowed to oper up with this oline.
# Multiple options can be separated by spaces and CIDR's are allowed.
- # You CAN use just * or *@* for this section, but it is not recommended
- # for security reasons.
+ # You CAN use just * or *@* for this section, but it is not recommended
+ # for security reasons.
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
# ** ADVANCED ** This option is disabled by default.
# fingerprint: When using the m_sslinfo module, you may specify
- # a key fingerprint here. This can be obtained by using the
- # /fingerprint command while the module is loaded. This enhances
- # security by verifying that the person opering up has the matching
- # key/certificate combination. This enhances security a great deal.
- # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded,
- # this option will be ignored.
- #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
+ # a key fingerprint here. This can be obtained by using the /sslinfo
+ # command while the module is loaded, and is also noticed on connect.
+ # This enhances security by verifying that the person opering up has
+ # a matching SSL client certificate, which is very difficult to
+ # forge (impossible unless preimage attacks on the hash exist).
+ # If m_sslinfo isn't loaded, this option will be ignored.
+ #fingerprint="67cb9dc013248a829bb2171ed11becd4"
# sslonly: This oper can only oper up if they're using a SSL connection.
- # Setting this option adds a decent bit of security. Highly recommended if
- # the oper is on wifi or specifically, unsecured wifi.
- # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl
- # are loaded.
+ # Setting this option adds a decent bit of security. Highly recommended
+ # if the oper is on wifi, or specifically, unsecured wifi. Note that it
+ # is redundant to specify this option if you specify a fingerprint.
+ # This setting only takes effect if m_sslinfo is loaded.
#sslonly="yes"
# type: What oper type this oline is. See the block above for list
@@ -120,7 +120,7 @@
name="Brain"
password="s3cret"
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
- #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
+ #fingerprint="67cb9dc013248a829bb2171ed11becd4"
type="NetAdmin">
# oline with hashed password. It is highly recommended to use hashed passwords.
@@ -143,8 +143,8 @@
# host: What hostnames/IP's are allowed to oper up with this oline.
# Multiple options can be separated by spaces and CIDR's are allowed.
- # You CAN use just * or *@* for this section, but it is not recommended
- # for security reasons.
+ # You CAN use just * or *@* for this section, but it is not recommended
+ # for security reasons.
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
# type: What oper type this oline is. See the block above for list