[2725] | 1 | #
|
---|
| 2 | # For a description of the syntax of this configuration file,
|
---|
| 3 | # see scripts/kbuild/config-language.txt.
|
---|
| 4 | #
|
---|
| 5 |
|
---|
| 6 | menu "Login/Password Management Utilities"
|
---|
| 7 |
|
---|
| 8 | config FEATURE_SHADOWPASSWDS
|
---|
| 9 | bool "Support for shadow passwords"
|
---|
| 10 | default y
|
---|
| 11 | help
|
---|
| 12 | Build support for shadow password in /etc/shadow. This file is only
|
---|
| 13 | readable by root and thus the encrypted passwords are no longer
|
---|
| 14 | publicly readable.
|
---|
| 15 |
|
---|
| 16 | config USE_BB_PWD_GRP
|
---|
| 17 | bool "Use internal password and group functions rather than system functions"
|
---|
| 18 | default y
|
---|
| 19 | help
|
---|
| 20 | If you leave this disabled, busybox will use the system's password
|
---|
| 21 | and group functions. And if you are using the GNU C library
|
---|
| 22 | (glibc), you will then need to install the /etc/nsswitch.conf
|
---|
| 23 | configuration file and the required /lib/libnss_* libraries in
|
---|
| 24 | order for the password and group functions to work. This generally
|
---|
| 25 | makes your embedded system quite a bit larger.
|
---|
| 26 |
|
---|
| 27 | Enabling this option will cause busybox to directly access the
|
---|
| 28 | system's /etc/password, /etc/group files (and your system will be
|
---|
| 29 | smaller, and I will get fewer emails asking about how glibc NSS
|
---|
| 30 | works). When this option is enabled, you will not be able to use
|
---|
| 31 | PAM to access remote LDAP password servers and whatnot. And if you
|
---|
| 32 | want hostname resolution to work with glibc, you still need the
|
---|
| 33 | /lib/libnss_* libraries.
|
---|
| 34 |
|
---|
| 35 | If you need to use glibc's nsswitch.conf mechanism
|
---|
| 36 | (e.g. if user/group database is NOT stored in /etc/passwd etc),
|
---|
| 37 | you must NOT use this option.
|
---|
| 38 |
|
---|
| 39 | If you enable this option, it will add about 1.5k.
|
---|
| 40 |
|
---|
| 41 | config USE_BB_SHADOW
|
---|
| 42 | bool "Use internal shadow password functions"
|
---|
| 43 | default y
|
---|
| 44 | depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
|
---|
| 45 | help
|
---|
| 46 | If you leave this disabled, busybox will use the system's shadow
|
---|
| 47 | password handling functions. And if you are using the GNU C library
|
---|
| 48 | (glibc), you will then need to install the /etc/nsswitch.conf
|
---|
| 49 | configuration file and the required /lib/libnss_* libraries in
|
---|
| 50 | order for the shadow password functions to work. This generally
|
---|
| 51 | makes your embedded system quite a bit larger.
|
---|
| 52 |
|
---|
| 53 | Enabling this option will cause busybox to directly access the
|
---|
| 54 | system's /etc/shadow file when handling shadow passwords. This
|
---|
| 55 | makes your system smaller (and I will get fewer emails asking about
|
---|
| 56 | how glibc NSS works). When this option is enabled, you will not be
|
---|
| 57 | able to use PAM to access shadow passwords from remote LDAP
|
---|
| 58 | password servers and whatnot.
|
---|
| 59 |
|
---|
| 60 | config USE_BB_CRYPT
|
---|
| 61 | bool "Use internal crypt functions"
|
---|
| 62 | default y
|
---|
| 63 | help
|
---|
| 64 | Busybox has internal DES and MD5 crypt functions.
|
---|
| 65 | They produce results which are identical to corresponding
|
---|
| 66 | standard C library functions.
|
---|
| 67 |
|
---|
| 68 | If you leave this disabled, busybox will use the system's
|
---|
| 69 | crypt functions. Most C libraries use large (~70k)
|
---|
| 70 | static buffers there, and also combine them with more general
|
---|
| 71 | DES encryption/decryption.
|
---|
| 72 |
|
---|
| 73 | For busybox, having large static buffers is undesirable,
|
---|
| 74 | especially on NOMMU machines. Busybox also doesn't need
|
---|
| 75 | DES encryption/decryption and can do with smaller code.
|
---|
| 76 |
|
---|
| 77 | If you enable this option, it will add about 4.8k of code
|
---|
| 78 | if you are building dynamically linked executable.
|
---|
| 79 | In static build, it makes code _smaller_ by about 1.2k,
|
---|
| 80 | and likely many kilobytes less of bss.
|
---|
| 81 |
|
---|
| 82 | config USE_BB_CRYPT_SHA
|
---|
| 83 | bool "Enable SHA256/512 crypt functions"
|
---|
| 84 | default y
|
---|
| 85 | depends on USE_BB_CRYPT
|
---|
| 86 | help
|
---|
| 87 | Enable this if you have passwords starting with "$5$" or "$6$"
|
---|
| 88 | in your /etc/passwd or /etc/shadow files. These passwords
|
---|
| 89 | are hashed using SHA256 and SHA512 algorithms. Support for them
|
---|
| 90 | was added to glibc in 2008.
|
---|
| 91 | With this option off, login will fail password check for any
|
---|
| 92 | user which has password encrypted with these algorithms.
|
---|
| 93 |
|
---|
[3621] | 94 | INSERT
|
---|
[2725] | 95 |
|
---|
| 96 | endmenu
|
---|