IAUTH.CONF(5)
NAME
iauth.conf - The Internet Relay Chat Authentication Configuration File
DESCRIPTION
The iauth.conf file is read by the iauth program upon startup. It contains
the list of modules that should be used to authenticate a particular
connection. The list is ordered, which means that the first module to
successfully authenticate a connection will be the last to be tried.
The file is divided into sections. The first section is used for iauth
options; each subsequent section specifies a module, with any options,
using the following format:
module module-name
[TAB]option = string
[TAB]host = host-name
[TAB]ip = ip-address
[TAB]timeout = value
The section ends with an empty line. The module-name defines which module
the section applies to. A particular module may be used in several
sections. A string of undefined format may be specified; it will then be
passed to the module upon initialization. See the MODULES section to find
out whether a module accepts any option.
If host-name and ip-address fields are specified, then the module will only
be used for connections matching one of the fields given in the
configuration. An entry prefixed with the character ! indicates a negative
match. IP addresses are checked first.
If neither a host nor an ip entry is specified, then the module will always be used.
When writing a configuration file, one should always verify the syntax
using the iauth program to avoid later problems.
IAUTH OPTIONS
timeout = <seconds>
This specifies how much time each module has to complete its
work for each connection. This option can also be specified
individually for each module. The default is 30 seconds.
required
By specifying this keyword, the IRC server is told not to accept new
user connections unless the authentication is handled by iauth. This
does NOT mean that the server will wait forever to get the data from
iauth, see the notimeout option.
notimeout
By specifying this keyword, the IRC server is told not to accept new
user connections if iauth hasn't finished its work in time.
extinfo
This keyword allows extra information (user supplied username, and
possibly password) to be received by iauth from the server. This is
only useful if a module using this information is loaded.
shared <name> <mod_name.so>
If iauth was compiled with Dynamically Shared Module support, it can
be told to dynamically load a module using this option. The module
can then be loaded.
MODULES
pipe This module is provided as a replacement to the (now obsolete) R
configuration lines supported by the IRC daemon. It runs an external
program with the client IP and port as arguments. The program should
output either 'Y' (Yes, let the client in), or 'N' (No, don't let them
in).
Note that this module is quite expensive as it forks a separate
process for each connection received by the IRC daemon.
This module requires the following option:
prog=/path/to/external/program
socks
This module performs a basic check to verify that the host where the
connection originated from doesn't run a SOCKS v4 or v5 proxy server
on port 1080 that is open to the world. It is useful to reject
abusive clients using a relay to evade kill lines and bans.
This module understands seven options:
reject
Reject connections originating from a host where an open proxy was
detected.
log
Log hostnames where an open proxy is detected.
paranoid
Consider proxies which deny the request because of a userid/ident
mismatch to be OPEN proxies.
cache[=value]
Set the cache lifetime in minutes. By default, caching is enabled for
30 minutes. A value of 0 disables caching.
careful
Make sure socks v5 is properly configured with IP rulesets. Without
this parameter, the module will not send an additional query and will
assume the first positive answer is valid.
v4only
Check only socks v4.
v5only
Check only socks v5.
rfc931
This module is for authenticating TCP connections using the protocol
defined in RFC 1413 (which obsoletes RFC 931). It is always loaded,
and does not recognize the host or ip fields.
lhex This module acts as a proxy, communicating with a LHEx server to
perform authentication of client connections. It takes a single
(mandatory) option, which is the IP-address of the LHEx server to use.
EXAMPLE
The following file will cause the IRC daemon to reject all connections
originating from a system where an open proxy is running for hosts within
*.fr and *.enserb.u-bordeaux.fr, but not for other hosts matching
*.u-bordeaux.fr. For all connections, an ident lookup (RFC 1413) will be
performed. In addition, every connection is authenticated with the LHEx
server at IP-address 127.0.0.1.
module socks
	option = reject,paranoid
	host = *.enserb.u-bordeaux.fr
	host = !*.u-bordeaux.fr
	host = *.fr

module rfc931

module lhex
	option = 127.0.0.1
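The host and ip matching described above decides which connections a module such as socks actually screens, so the order of entries matters. The following is an added example, not code from iauth or from this manual page: it parses the section format and evaluates the EXAMPLE file for a given client. It assumes that entries are tried in file order with the first match deciding, that host entries are shell-style globs, and that ip entries are an address or prefix; the function names are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed sample: the EXAMPLE configuration from this page.
SAMPLE = (
    "module socks\n"
    "\toption = reject,paranoid\n"
    "\thost = *.enserb.u-bordeaux.fr\n"
    "\thost = !*.u-bordeaux.fr\n"
    "\thost = *.fr\n"
    "\n"
    "module rfc931\n"
    "\n"
    "module lhex\n"
    "\toption = 127.0.0.1\n"
)

def parse_sections(text):
    """Return module sections in file order; an empty line closes a section."""
    sections, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            cur = None
        elif line.startswith("module "):
            cur = {"module": line.split()[1], "option": None, "host": [], "ip": []}
            sections.append(cur)
        elif cur is not None and line.startswith("\t") and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("host", "ip"):
                cur[key].append(value)
            elif key == "option":
                cur["option"] = value
    return sections

def module_applies(section, host, ip):
    """Assumed semantics: ip entries first, then host entries; first match decides."""
    if not section["host"] and not section["ip"]:
        return True  # no restriction: the module is always used
    addr = ipaddress.ip_address(ip)
    for entry in section["ip"]:
        negative, pattern = entry.startswith("!"), entry.lstrip("!")
        if addr in ipaddress.ip_network(pattern, strict=False):
            return not negative
    for entry in section["host"]:
        negative, pattern = entry.startswith("!"), entry.lstrip("!")
        if fnmatch.fnmatchcase(host.lower(), pattern.lower()):
            return not negative
    return False  # restricted section, nothing matched

def modules_for(text, host, ip):
    return [s["module"] for s in parse_sections(text) if module_applies(s, host, ip)]
```

Under these assumptions, moving the !*.u-bordeaux.fr entry below *.fr would make the socks check apply to every *.u-bordeaux.fr host, which is the kind of ordering mistake worth checking for before deploying a file.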
CAVEATS
When the option extinfo is set, connections registering as a server or a
service with the IRC server are not guaranteed to receive the "user"
authentication provided by modules (such as the rfc931 module).
COPYRIGHT
(c) 1998,1999 Christophe Kalt
For full COPYRIGHT see LICENSE file with IRC package.
FILES
"iauth.conf"
SEE ALSO
iauth(8)
AUTHOR
Christophe Kalt.