ngIRCd Users August 2013

ngircd@lists.barton.de

2 participants
2 discussions

question about Ngircd and PAM setup
by Michiel van Es 26 Aug '13

26 Aug '13

Hello, I am using the latest Ngircd on an Ubuntu 64 bit vps. I am trying to setup Ngircd with PAM. I've read the documentation for PAM here: http://ngircd.barton.de/doc/PAM.txt but I am having a few questions and issues: - I've set up /etc/pam.d/ngircd as follows: #%PAM-1.0 auth required pam_userdb.so db=/etc/ngircd/ngircd-vuser.db account required pam_userdb.so db=/etc/ngircd/ngircd-vuser.db session required pam_loginuid.so Ngircd is running under the user irc but I am not sure if the user has permissions to use this pam file as specified in the PAM.txt file? - I see the following message in /var/log/syslog: ==> /var/log/auth.log <== Aug 23 10:41:12 mail ngircd[8733]: PAM _pam_init_handlers: could not open /etc/pam.conf Aug 23 10:41:12 mail ngircd[8733]: PAM pam_start: failed to initialize handlers ==> /var/log/syslog <== Aug 23 10:41:12 mail ngircd[8733]: PAM: Failed to create authenticator! (26) Why is it looking in the empty file /etc/pam.conf and not /etc/pam.d/ngircd ? My relevant config sniplet: # Use PAM if ngIRCd has been compiled with support for it. PAM = yes PAMIsOptional = no Can I force Ngircd to look for /etc/pam.d/ngricd (world readable) ? I am using this berkley vuser setup the same way with vsftpd. Regards, Michiel

2 7

ngIRCd 20.3
by Alexander Barton 24 Aug '13

24 Aug '13

Hello! A severe bug in ngIRCd 18 up to and including 20.2 has been discovered which will crash the daemon (denial of service) and can happen when the daemon fails to send the optional "notice auth" message to new clients connecting to the server (CVE-2013-5580). So here it is, our next release: ngIRCd 20.3. Please note that only setups having the configuration option "NoticeAuth" enabled are affected, which is not the default. The only change in ngIRCd 20.3 is the fix for the above bug, all installations should upgrade. But please stay tuned, ngIRCd 21 including new features like SSL fingerprints, and include directory for configuration files, better systemd(8) support etc. is the the works, too, and I hope that we can soon release a beta version for testing. I'll keep you informed! Changes in ngIRCd 20.3: • Security: Fix a denial of service bug (server crash) which could happen when the configuration option "NoticeAuth" is enabled (which is NOT the default) and ngIRCd failed to send the "notice auth" messages to new clients connecting to the server (CVE-2013-5580). More information can be found on the homepage <http://ngircd.barton.de/> and its mirror <http://ngircd.berlios.de/>. The primary download locations are: • <ftp://ftp.berlios.de/pub/ngircd/> • <http://ngircd.barton.de/pub/ngircd/> Regards Alex

1 2

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

ngIRCd Users August 2013