Setting up NickServ

NickServ offers two possible configurations, based on your preference for network management. NickServ offers nickname-based account registration; in this configuration, users will own their nickname or group of nicknames. UserServ offers account-based registrations; users will own an account, but that account does not give them ownership over any specific nicknames. See no_nick_ownership for additional details.

NickServ Block

The nickserv{} block contains settings for the NickServ service bot and related nick/account management options.

A fully configured nickserv{} block may look like:

nickserv {
spam;
nick = "NickServ";
user = "NickServ";
host = "misconfigured.network";
real = "Nickname Services";
aliases {
"ID" = "IDENTIFY";
"MYACCESS" = "LISTCHANS";
};
maxnicks = 5;
expire = 30;
enforce_delay = 30;
enforce_prefix = "Luser";
waitreg_time = 60;
cracklib_dict = "/var/cache/cracklib/cracklib_dict";
#pwquality_warn_only;
shorthelp = "REGISTER IDENTIFY LOGOUT GROUP DROP";
};

Services Bot Options

NickServ supports all standard services bot options.

spam

The spam value defines if NickServ should tell new users about the option to use services on your network. If enabled, a new user will receive the following message from NickServ:

Welcome to <network>, <nick>! Here on <network> we provide services to enable registration of nicknames and channels! For details, type /msg NickServ HELP and /msg ChanServ HELP

This value may be either enabled (spam;) or disabled by commenting it out (#spam;) or removing it.

no_nick_ownership

Enabling this value will disable nickname ownership on your network. This will change "nickname" to "account" in most messages, disable GHOST on users not logged in to the same account and disables the spam directive.

If using no_nick_ownership, it is suggested that the nickname for this service be set to UserServ, and the nickserv/login module be loaded instead of nickserv/identify.

This value may be either enabled (no_nick_ownership;) or disabled by commenting it out (#no_nick_ownership;) or removing it.

maxnicks

If GROUP is loaded, maxnicks defines the maximum amount of nicknames one user can register.

Example: maxnicks = 5;

expire

The number of days without use before an inactive nickname registration will expire.

You may either set the value to 0 or comment out this block to disable nickname expiration entirely.

Example: expire = 30;

Enforce Settings

When NickServ is configured to allow nickname ownership, users may enable the ENFORCE option on their account to activate nickname enforcement. When enforcement is enabled, after a short grace period, any user with a nickname grouped to the owner's account is automatically renamed to a different nickname unless they authenticate to the correct account within the grace period.

enforce_expire

The number of days without use after which ENFORCE is ignored.

enforce_delay

The number of seconds before a user using an enforced nickname is renamed.

Example: enforce_delay = 30;

enforce_prefix

The prefix to use when changing a user's nickname after enforcement is applied. This is always <prefix><random numbers>, e.g. Guest12345.

Example: enforce_prefix = "Guest";

waitreg_time

The amount of time (in seconds) users have to wait after connecting to the network before they are allowed to register an account with services.

Requires modules/nickserv/waitreg to be loaded.

  • Minimum value, 0, disables the enforced delay.
  • Maximum value, 43200, delays registration for 12 hours.

Example: waitreg_time = 0;

Password Quality Options

cracklib_dict

The location and filename prefix of the cracklib dictionaries for use with nickserv/pwquality. This must be provided if you are going to use nickserv/pwquality with cracklib support enabled.

If not using cracklib support, you may safely leave this value commented out.

Example: cracklib_dict = "/var/cache/cracklib/cracklib_dict";

passwdqc_*

If using nickserv/pwquality with passwdqc support enabled, these values are used to configure your passwdqc settings. Please see the passwdqc.conf(5) documentation for a detailed explaination of these values.

Example:

passwdqc_max = 288; /* (8 <= value <= 288) */
passwdqc_min_n0 = 20; /* (0 <= value <= passwdqc_max) */
passwdqc_min_n1 = 16; /* (0 <= value <= passwdqc_min_n0) */
passwdqc_min_n2 = 16; /* (0 <= value <= passwdqc_min_n1) */
passwdqc_min_n3 = 12; /* (0 <= value <= passwdqc_min_n2) */
passwdqc_min_n4 = 8; /* (0 <= value <= passwdqc_min_n3) */
passwdqc_words = 4; /* (2 <= value <= 8) */

pwquality_warn_only

If this option is enabled and nickserv/pwquality is loaded, NickServ will still allow users to register with low-quality passwords, but will warn them of their insecure password and recommend they change it.

If this option is unset, NickServ will refuse to register the user until they choose a higher quality password.

Example: #pwquality_warn_only; to prevent low-quality passwords in registration or pwquality_warn_only; to allow this.

show_custom_metadata

Setting this option will allow users to display user-set metadata in INFO output.

emailexempts

A list of email addresses exempt from account registration limits. Any email address in this block may register an unlimited number of services accounts.

Example:

emailexempts {
"services@example.int";
}

shorthelp

A list of commands that are displayed with their full description in the output of /msg NickServ HELP. Commands not in this list will be listed, but not with their descriptions. All commands with descriptions are still listed in /msg NickServ HELP COMMANDS regardless of the value set here.

If not set, this value defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET UNGROUP"

If set to an empty string (shorthelp = "";), listing command descriptions in /msg NickServ HELP will be disabled.

A command in this list will only be printed if the corresponding module is loaded and the user has permission to use it.

Examples:

  • Custom list: shorthelp = "REGISTER IDENTIFY LOGOUT";
  • No list: shorthelp = "";
  • Default: #shorthelp = "";

Modules

By loading or choosing not to load specific modules, you can customize what features of NickServ are available on your network. You can even choose to disable NickServ entirely by not loading any of the modules/nickserv/* family of modules — please note that an authentication service (either NickServ or UserServ) is required for proper services functionality.

ModuleFeaturesNotes
modules/nickserv/mainCore components
modules/nickserv/accessNickname access lists
modules/nickserv/badmailBad email address blocking
modules/nickserv/certCertFP fingerprint management
modules/nickserv/dropDROP command
modules/nickserv/enforceNickname enforcementAlso enables enforcement commands
modules/nickserv/ghostGHOST command
modules/nickserv/groupGROUP and UNGROUP commands
modules/nickserv/helpHELP command
modules/nickserv/holdNickname expiry override (HOLD command)
modules/nickserv/identifyIDENTIFY commandEither this module or modules/nickserv/login must be loaded for users to identify to services. Select this module if allowing nickname ownership.
modules/nickserv/infoINFO command
modules/nickserv/info_lastquitShows last quit message in INFO
modules/nickserv/listLIST command
modules/nickserv/listloginsLISTLOGINS command
modules/nickserv/listmailLISTMAIL command
modules/nickserv/listownmailLISTOWNMAIL command
modules/nickserv/loginLOGIN commandEither this module or modules/nickserv/identify must be loaded for users to identify to services. Select this module if no_nick_ownership is enabled.
modules/nickserv/logoutLOGOUT command
modules/nickserv/markMARK command
/modules/nickserv/pwqualityPassword quality validationSee password quality options for settings for this module.
modules/nickserv/freezeFREEZE command
modules/nickserv/listchansLISTCHANS command
modules/nickserv/registerREGISTER commandThis module is required for users to register an account with services.
modules/nickserv/regnolimitBypass registration limits (REGNOLIMIT command)
modules/nickserv/resetpassPassword reset (RESETPASS command)
modules/nickserv/restrictRESTRICT command
modules/nickserv/returnPassword return (RETURN command)
modules/nickserv/sendpassPassword retrieval (SENDPASS command)Requires a functional MTA to work properly.
modules/nickserv/sendpass_userPassword retrieval allowed to normal users (SENDPASS command)Requires a functional MTA to work properly.
modules/nickserv/set_accountnameAllow a user to change their primary nickname (SET ACCOUNTNAME command)
modules/nickserv/set_emailSET EMAIL command
modules/nickserv/set_emailmemosSET EMAILMEMOS command
modules/nickserv/set_enforcetimeSET ENFORCETIME commandOnly usable if ENFORCE is enabled.
modules/nickserv/set_hidemailSET HIDEMAIL command
modules/nickserv/set_languageSET LANGUAGE command
modules/nickserv/set_nevergroupSET NEVERGROUP commandOnly usable if GroupServ is enabled.
modules/nickserv/set_neveropSET NEVEROP command
modules/nickserv/set_nogreetSET NOGREET command
modules/nickserv/set_nomemoSET NOMEMO command
modules/nickserv/set_noopSET NOOP command
modules/nickserv/set_nopasswordSET NOPASSWORD command
modules/nickserv/set_passwordSET PASSWORD command
modules/nickserv/set_privmsgPRIVMSG the user instead of NOTICE (SET PRIVMSG command)
modules/nickserv/set_privateAccount info hiding (SET PRIVATE command)
modules/nickserv/set_propertySET PROPERTY command
modules/nickserv/set_pubkeySET PUBKEY command
modules/nickserv/set_quietchgSET QUIETCHG command
modules/nickserv/setpassPassword retrieval uses code (SETPASS command)
modules/nickserv/statusSTATUS command
modules/nickserv/taxonomyNickname metadata viewer (TAXONOMY command)
modules/nickserv/vacationVACATION command
modules/nickserv/verifyVERIFY command
modules/nickserv/vhostVHOST command
modules/nickserv/waitregDelay services account creation