1 | #
|
---|
2 | # For a description of the syntax of this configuration file,
|
---|
3 | # see scripts/kbuild/config-language.txt.
|
---|
4 | #
|
---|
5 |
|
---|
6 | menu "Login/Password Management Utilities"
|
---|
7 |
|
---|
8 | config FEATURE_SHADOWPASSWDS
|
---|
9 | bool "Support for shadow passwords"
|
---|
10 | default y
|
---|
11 | help
|
---|
12 | Build support for shadow password in /etc/shadow. This file is only
|
---|
13 | readable by root and thus the encrypted passwords are no longer
|
---|
14 | publicly readable.
|
---|
15 |
|
---|
16 | config USE_BB_PWD_GRP
|
---|
17 | bool "Use internal password and group functions rather than system functions"
|
---|
18 | default y
|
---|
19 | help
|
---|
20 | If you leave this disabled, busybox will use the system's password
|
---|
21 | and group functions. And if you are using the GNU C library
|
---|
22 | (glibc), you will then need to install the /etc/nsswitch.conf
|
---|
23 | configuration file and the required /lib/libnss_* libraries in
|
---|
24 | order for the password and group functions to work. This generally
|
---|
25 | makes your embedded system quite a bit larger.
|
---|
26 |
|
---|
27 | Enabling this option will cause busybox to directly access the
|
---|
28 | system's /etc/password, /etc/group files (and your system will be
|
---|
29 | smaller, and I will get fewer emails asking about how glibc NSS
|
---|
30 | works). When this option is enabled, you will not be able to use
|
---|
31 | PAM to access remote LDAP password servers and whatnot. And if you
|
---|
32 | want hostname resolution to work with glibc, you still need the
|
---|
33 | /lib/libnss_* libraries.
|
---|
34 |
|
---|
35 | If you need to use glibc's nsswitch.conf mechanism
|
---|
36 | (e.g. if user/group database is NOT stored in /etc/passwd etc),
|
---|
37 | you must NOT use this option.
|
---|
38 |
|
---|
39 | If you enable this option, it will add about 1.5k.
|
---|
40 |
|
---|
41 | config USE_BB_SHADOW
|
---|
42 | bool "Use internal shadow password functions"
|
---|
43 | default y
|
---|
44 | depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
|
---|
45 | help
|
---|
46 | If you leave this disabled, busybox will use the system's shadow
|
---|
47 | password handling functions. And if you are using the GNU C library
|
---|
48 | (glibc), you will then need to install the /etc/nsswitch.conf
|
---|
49 | configuration file and the required /lib/libnss_* libraries in
|
---|
50 | order for the shadow password functions to work. This generally
|
---|
51 | makes your embedded system quite a bit larger.
|
---|
52 |
|
---|
53 | Enabling this option will cause busybox to directly access the
|
---|
54 | system's /etc/shadow file when handling shadow passwords. This
|
---|
55 | makes your system smaller (and I will get fewer emails asking about
|
---|
56 | how glibc NSS works). When this option is enabled, you will not be
|
---|
57 | able to use PAM to access shadow passwords from remote LDAP
|
---|
58 | password servers and whatnot.
|
---|
59 |
|
---|
60 | config USE_BB_CRYPT
|
---|
61 | bool "Use internal crypt functions"
|
---|
62 | default y
|
---|
63 | help
|
---|
64 | Busybox has internal DES and MD5 crypt functions.
|
---|
65 | They produce results which are identical to corresponding
|
---|
66 | standard C library functions.
|
---|
67 |
|
---|
68 | If you leave this disabled, busybox will use the system's
|
---|
69 | crypt functions. Most C libraries use large (~70k)
|
---|
70 | static buffers there, and also combine them with more general
|
---|
71 | DES encryption/decryption.
|
---|
72 |
|
---|
73 | For busybox, having large static buffers is undesirable,
|
---|
74 | especially on NOMMU machines. Busybox also doesn't need
|
---|
75 | DES encryption/decryption and can do with smaller code.
|
---|
76 |
|
---|
77 | If you enable this option, it will add about 4.8k of code
|
---|
78 | if you are building dynamically linked executable.
|
---|
79 | In static build, it makes code _smaller_ by about 1.2k,
|
---|
80 | and likely many kilobytes less of bss.
|
---|
81 |
|
---|
82 | config USE_BB_CRYPT_SHA
|
---|
83 | bool "Enable SHA256/512 crypt functions"
|
---|
84 | default y
|
---|
85 | depends on USE_BB_CRYPT
|
---|
86 | help
|
---|
87 | Enable this if you have passwords starting with "$5$" or "$6$"
|
---|
88 | in your /etc/passwd or /etc/shadow files. These passwords
|
---|
89 | are hashed using SHA256 and SHA512 algorithms. Support for them
|
---|
90 | was added to glibc in 2008.
|
---|
91 | With this option off, login will fail password check for any
|
---|
92 | user which has password encrypted with these algorithms.
|
---|
93 |
|
---|
94 | INSERT
|
---|
95 |
|
---|
96 | endmenu
|
---|