/************************************************************************ * IRC - Internet Relay Chat, ircd/crypt/README * Copyright (C) 1991 Nelson Minar * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 1, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ The change implemented here is that the operator password in irc.conf is no longer stored in plaintext form, but is encrypted the same way that user passwords are encrypted on normal UNIX systems. Ie, instead of having O:*:goodboy:Nelson in your ircd.conf file, you have O:*:sCnvYRmbFJ7oI:Nelson You still type "/oper Nelson goodboy" to become operator. However, if someone gets ahold of your irc.conf file, they can no longer figure out what the password is from reading it. There are still other security holes, namely server-server passwords, but this closes one obvious problem. So how do you generate these icky looking strings for passwords? There's a simple program called mkpasswd to do that for you. Just run mkpasswd, and at the prompt type in your plaintext password. It will spit out the encrypted password, which you should then just copy into the irc.conf file. This should be done only when adding new passwords to your irc.conf file. To change over your irc.conf file to use encrypted passwords, define CRYPT_OPER_PASSWORD in config.h. You will need to recompile your server if you already compiled it with this feature disabled. Once compiled, edit the Makefile in this directory and chang "IRCDCONF" to your irc.conf file. Then "make install" in this directory to replace all the operator passwords in your irc.conf file with the encrypted format. Choose your passwords carefully. Do not choose something in a dictionary, make sure its at least 5 characters. Anything past 8 characters is ignored. One thing to note about crypt() passwords - for every plaintext, there are 4096 different passwords. Some valid encryptions of "goodboy" include t1Ub2RhRQHd4g sCnvYRmbFJ7oI and Xr4Z.Kg5tcdy6. The first two characters (the "salt") determine which of the 4096 passwords you will get. mkpasswd chooses the salt randomly, or alternately will let you specify one on the command line. see also - crypt(3)