From b9db10d3bef1ebc5cc226fe6ac219225b220a20c Mon Sep 17 00:00:00 2001 From: danieldg Date: Thu, 4 Feb 2010 19:53:39 +0000 Subject: Clarify fingerprint comments in example oper block git-svn-id: http://svn.inspircd.org/repository/branches/1_2_stable@12374 e03df62e-2008-0410-955e-edbf42e46eb7 --- conf/opers.conf.example | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/conf/opers.conf.example b/conf/opers.conf.example index d0953d320..9715db561 100644 --- a/conf/opers.conf.example +++ b/conf/opers.conf.example @@ -90,25 +90,25 @@ # host: What hostnames/IP's are allowed to oper up with this oline. # Multiple options can be separated by spaces and CIDR's are allowed. - # You CAN use just * or *@* for this section, but it is not recommended - # for security reasons. + # You CAN use just * or *@* for this section, but it is not recommended + # for security reasons. host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # ** ADVANCED ** This option is disabled by default. # fingerprint: When using the m_sslinfo module, you may specify - # a key fingerprint here. This can be obtained by using the - # /fingerprint command while the module is loaded. This enhances - # security by verifying that the person opering up has the matching - # key/certificate combination. This enhances security a great deal. - # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded, - # this option will be ignored. - #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" + # a key fingerprint here. This can be obtained by using the /sslinfo + # command while the module is loaded, and is also noticed on connect. + # This enhances security by verifying that the person opering up has + # a matching SSL client certificate, which is very difficult to + # forge (impossible unless preimage attacks on the hash exist). + # If m_sslinfo isn't loaded, this option will be ignored. + #fingerprint="67cb9dc013248a829bb2171ed11becd4" # sslonly: This oper can only oper up if they're using a SSL connection. - # Setting this option adds a decent bit of security. Highly recommended if - # the oper is on wifi or specifically, unsecured wifi. - # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl - # are loaded. + # Setting this option adds a decent bit of security. Highly recommended + # if the oper is on wifi, or specifically, unsecured wifi. Note that it + # is redundant to specify this option if you specify a fingerprint. + # This setting only takes effect if m_sslinfo is loaded. #sslonly="yes" # type: What oper type this oline is. See the block above for list @@ -120,7 +120,7 @@ name="Brain" password="s3cret" host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" - #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4" + #fingerprint="67cb9dc013248a829bb2171ed11becd4" type="NetAdmin"> # oline with hashed password. It is highly recommended to use hashed passwords. @@ -143,8 +143,8 @@ # host: What hostnames/IP's are allowed to oper up with this oline. # Multiple options can be separated by spaces and CIDR's are allowed. - # You CAN use just * or *@* for this section, but it is not recommended - # for security reasons. + # You CAN use just * or *@* for this section, but it is not recommended + # for security reasons. host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16" # type: What oper type this oline is. See the block above for list -- cgit v1.3.1-10-gc9f91