blob: efb954b6c3e4793e77a72a6ba22c62f66a2192a8
#
# For a description of the syntax of this configuration file,
# see scripts/kbuild/config-language.txt.
#

menu "Login/Password Management Utilities"

config FEATURE_SHADOWPASSWDS
	bool "Support for shadow passwords"
	default y
	help
	  Build support for shadow passwords in /etc/shadow. This file is only
	  readable by root and thus the encrypted passwords are no longer
	  publicly readable.

config USE_BB_PWD_GRP
	bool "Use internal password and group functions rather than system functions"
	default y
	help
	  If you leave this disabled, busybox will use the system's password
	  and group functions. And if you are using the GNU C library
	  (glibc), you will then need to install the /etc/nsswitch.conf
	  configuration file and the required /lib/libnss_* libraries in
	  order for the password and group functions to work. This generally
	  makes your embedded system quite a bit larger.

	  Enabling this option will cause busybox to directly access the
	  system's /etc/passwd, /etc/group files (and your system will be
	  smaller, and I will get fewer emails asking about how glibc NSS
	  works). When this option is enabled, you will not be able to use
	  PAM to access remote LDAP password servers and whatnot. And if you
	  want hostname resolution to work with glibc, you still need the
	  /lib/libnss_* libraries.

	  If you need to use glibc's nsswitch.conf mechanism
	  (e.g. if the user/group database is NOT stored in /etc/passwd etc.),
	  you must NOT use this option.

	  If you enable this option, it will add about 1.5k.

config USE_BB_SHADOW
	bool "Use internal shadow password functions"
	default y
	depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
	help
	  If you leave this disabled, busybox will use the system's shadow
	  password handling functions. And if you are using the GNU C library
	  (glibc), you will then need to install the /etc/nsswitch.conf
	  configuration file and the required /lib/libnss_* libraries in
	  order for the shadow password functions to work. This generally
	  makes your embedded system quite a bit larger.

	  Enabling this option will cause busybox to directly access the
	  system's /etc/shadow file when handling shadow passwords. This
	  makes your system smaller (and I will get fewer emails asking about
	  how glibc NSS works). When this option is enabled, you will not be
	  able to use PAM to access shadow passwords from remote LDAP
	  password servers and whatnot.

config USE_BB_CRYPT
	bool "Use internal crypt functions"
	default y
	help
	  Busybox has internal DES and MD5 crypt functions.
	  They produce results which are identical to corresponding
	  standard C library functions.

	  If you leave this disabled, busybox will use the system's
	  crypt functions. Most C libraries use large (~70k)
	  static buffers there, and also combine them with more general
	  DES encryption/decryption.

	  For busybox, having large static buffers is undesirable,
	  especially on NOMMU machines. Busybox also doesn't need
	  DES encryption/decryption and can do with smaller code.

	  If you enable this option, it will add about 4.8k of code
	  if you are building a dynamically linked executable.
	  In a static build, it makes the code _smaller_ by about 1.2k,
	  and likely many kilobytes less of bss.

config USE_BB_CRYPT_SHA
	bool "Enable SHA256/512 crypt functions"
	default y
	depends on USE_BB_CRYPT
	help
	  Enable this if you have passwords starting with "$5$" or "$6$"
	  in your /etc/passwd or /etc/shadow files. These passwords
	  are hashed using SHA256 and SHA512 algorithms. Support for them
	  was added to glibc in 2008.
	  With this option off, login will fail the password check for any
	  user whose password is hashed with these algorithms.

INSERT

endmenu
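Added example (not part of the BusyBox source): a POSIX shell check that lists the accounts whose "$5$"/"$6$" hashes will fail the password check described under USE_BB_CRYPT_SHA when a build has the internal crypt functions enabled but SHA support off. The function names, the sample .config lines and the shadow entries are constructed for illustration; the hash bodies are placeholders.

```shell
#!/bin/sh
# Added example: find accounts locked out by a BusyBox build that has
# USE_BB_CRYPT=y but USE_BB_CRYPT_SHA off. Helper names and sample data
# are constructed for illustration, not taken from the BusyBox tree.

# Is a bool symbol set to y in a .config? ("# CONFIG_X is not set" => no)
config_enabled() {  # $1 = .config path, $2 = symbol without CONFIG_ prefix
    grep -q "^CONFIG_$2=y\$" "$1"
}

# Print "user scheme" for each account whose hash needs SHA crypt support.
sha_accounts() {  # $1 = passwd- or shadow-format file (hash is field 2)
    awk -F: '
        $2 ~ /^\$5\$/ { print $1, "SHA256" }
        $2 ~ /^\$6\$/ { print $1, "SHA512" }
    ' "$1"
}

# Report accounts whose password check will fail under the given build config.
audit_crypt_sha() {  # $1 = .config path, $2 = passwd/shadow file
    if ! config_enabled "$1" USE_BB_CRYPT; then
        echo "system crypt in use; support depends on the C library" >&2
        return 0
    fi
    if config_enabled "$1" USE_BB_CRYPT_SHA; then
        return 0
    fi
    sha_accounts "$2"
}

# Constructed sample inputs (hash bodies are placeholders, not real hashes).
write_samples() {  # $1 = directory to write into
    cat > "$1/config.sha_off" <<'EOF'
CONFIG_FEATURE_SHADOWPASSWDS=y
CONFIG_USE_BB_CRYPT=y
# CONFIG_USE_BB_CRYPT_SHA is not set
EOF
    sed 's/^# CONFIG_USE_BB_CRYPT_SHA is not set$/CONFIG_USE_BB_CRYPT_SHA=y/' \
        "$1/config.sha_off" > "$1/config.sha_on"
    cat > "$1/shadow" <<'EOF'
root:$6$examplesalt$PLACEHOLDER:19000:0:99999:7:::
svc:$1$examplesalt$PLACEHOLDER:19000:0:99999:7:::
backup:$5$examplesalt$PLACEHOLDER:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}
```

To audit a real image, pass the build's .config and the target's /etc/shadow (or /etc/passwd when shadow support is off) to audit_crypt_sha; any account it prints needs USE_BB_CRYPT_SHA enabled or its password re-hashed before deployment.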