This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
irc:openbsd:oidentd [2019/11/08 19:29] jrmu created |
irc:openbsd:oidentd [2019/11/08 23:18] (current) jrmu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | First, install oidentd: | ||
| + | |||
| <code> | <code> | ||
| $ doas pkg_add oidentd | $ doas pkg_add oidentd | ||
| + | </code> | ||
| + | |||
| + | Inside your /home/znc/home/znc/.znc/configs/znc.conf file, you will want to include the identfile module: | ||
| + | |||
| + | <code> | ||
| + | AnonIPLimit = 1000 | ||
| + | AuthOnlyViaModule = false | ||
| + | ConfigWriteDelay = 0 | ||
| + | ConnectDelay = 5 | ||
| + | HideVersion = false | ||
| + | LoadModule = chansaver | ||
| + | LoadModule = lastseen | ||
| + | LoadModule = adminlog | ||
| + | LoadModule = identfile | ||
| + | LoadModule = webadmin | ||
| + | LoadModule = certauth | ||
| + | MaxBufferSize = 10000 | ||
| + | ProtectWebSessions = true | ||
| + | SSLCertFile = /home/znc/.znc/bnc3.ircnow.org.fullchain.pem | ||
| + | SSLKeyFile = /home/znc/.znc/bnc3.ircnow.org.key | ||
| + | SSLDHParamFile = /home/znc/.znc/dhparam.pem | ||
| + | ServerThrottle = 30 | ||
| + | Version = 1.7.4 | ||
| + | |||
| + | <Listener listener0> | ||
| + | AllowIRC = true | ||
| + | AllowWeb = false | ||
| + | Host = 209.141.39.184 | ||
| + | IPv4 = true | ||
| + | IPv6 = false | ||
| + | Port = 6697 | ||
| + | SSL = true | ||
| + | URIPrefix = / | ||
| + | </Listener> | ||
| + | |||
| + | <Listener listener1> | ||
| + | AllowIRC = true | ||
| + | AllowWeb = false | ||
| + | Host = 2605:6400:0020:0434:: | ||
| + | IPv4 = false | ||
| + | IPv6 = true | ||
| + | Port = 6697 | ||
| + | SSL = true | ||
| + | URIPrefix = / | ||
| + | </Listener> | ||
| + | </code> | ||
| + | |||
| + | Put this inside /etc/oidentd.conf: | ||
| + | |||
| + | <code> | ||
| + | user "znc" { | ||
| + | default { | ||
| + | allow spoof | ||
| + | allow spoof_all | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | If this file doesn't already exist: | ||
| + | |||
| + | <code> | ||
| + | # touch /home/znc/home/znc/.oidentd.conf | ||
| + | # ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf | ||
| + | # chown znc:znc /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf | ||
| + | </code> | ||
| + | |||
| + | Add this to /etc/pf.conf: | ||
| + | |||
| + | <code> | ||
| + | pass in proto tcp to port {auth} #ident | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | $ doas pfctl -f /etc/pf.conf | ||
| + | </code> | ||
| + | |||
| + | You want to connect to znc and set the ident to match the account's username (to prevent users from being able to change their ident response). This allows channel ops to ban individual users without banning the entire znc's IP address: | ||
| + | |||
| + | <code> | ||
| + | /msg *identfile setformat global { reply "%user%" } | ||
| + | </code> | ||
| + | |||
| + | Put this inside /etc/rc.local: | ||
| + | |||
| + | <code> | ||
| + | if [ -x /usr/local/sbin/oidentd ]; then | ||
| + | echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd | ||
| + | fi | ||
| + | </code> | ||
| + | |||
| + | This will run each time upon bootup. The first time, though, you will want to start it manually: | ||
| + | |||
| + | <code> | ||
| + | $ doas sh /etc/rc.local | ||
| + | </code> | ||
| + | |||
| + | You will probably also want to restart znc. You can do this as follows: | ||
| + | |||
| + | <code> | ||
| + | $ doas pkill -INT znc | ||
| + | $ doas su | ||
| + | # export HOME=/home/znc && chroot -u znc -g znc /home/znc znc > /var/log/znc.log 2>&1 & | ||
| </code> | </code> | ||