From b4c5bf615e0cd0da41222b853627ce2c893cba5c Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Sun, 15 Jun 2008 18:35:34 +0000 Subject: Specially for Bernhard Fischer introduce USE_BB_CRYPT which selects between libc/custom crypt routines. --- loginutils/Config.in | 89 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 55 insertions(+), 34 deletions(-) (limited to 'loginutils') diff --git a/loginutils/Config.in b/loginutils/Config.in index c57d9976e..e39fb6f79 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in @@ -13,45 +13,67 @@ config FEATURE_SHADOWPASSWDS readable by root and thus the encrypted passwords are no longer publicly readable. +config USE_BB_PWD_GRP + bool "Use internal password and group functions rather than system functions" + default n + help + If you leave this disabled, busybox will use the system's password + and group functions. And if you are using the GNU C library + (glibc), you will then need to install the /etc/nsswitch.conf + configuration file and the required /lib/libnss_* libraries in + order for the password and group functions to work. This generally + makes your embedded system quite a bit larger. + + Enabling this option will cause busybox to directly access the + system's /etc/password, /etc/group files (and your system will be + smaller, and I will get fewer emails asking about how glibc NSS + works). When this option is enabled, you will not be able to use + PAM to access remote LDAP password servers and whatnot. And if you + want hostname resolution to work with glibc, you still need the + /lib/libnss_* libraries. + + If you need to use glibc's nsswitch.conf mechanism + (e.g. if user/group database is NOT stored in /etc/passwd etc), + you must NOT use this option. + + If you enable this option, it will add about 1.5k to busybox. + config USE_BB_SHADOW bool "Use busybox shadow password functions" default y depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS help - If you leave this disabled, busybox will use the system's shadow - password handling functions. And if you are using the GNU C library - (glibc), you will then need to install the /etc/nsswitch.conf - configuration file and the required /lib/libnss_* libraries in - order for the shadow password functions to work. This generally - makes your embedded system quite a bit larger. - - Enabling this option will cause busybox to directly access the - system's /etc/shadow file when handling shadow passwords. This - makes your system smaller and I will get fewer emails asking about - how glibc NSS works). When this option is enabled, you will not be - able to use PAM to access shadow passwords from remote LDAP - password servers and whatnot. - -config USE_BB_PWD_GRP - bool "Use internal password and group functions rather than system functions" - default n + If you leave this disabled, busybox will use the system's shadow + password handling functions. And if you are using the GNU C library + (glibc), you will then need to install the /etc/nsswitch.conf + configuration file and the required /lib/libnss_* libraries in + order for the shadow password functions to work. This generally + makes your embedded system quite a bit larger. + + Enabling this option will cause busybox to directly access the + system's /etc/shadow file when handling shadow passwords. This + makes your system smaller and I will get fewer emails asking about + how glibc NSS works). When this option is enabled, you will not be + able to use PAM to access shadow passwords from remote LDAP + password servers and whatnot. + +config USE_BB_CRYPT + bool "Use internal DES and MD5 crypt functions rather than system functions" + default y help - If you leave this disabled, busybox will use the system's password - and group functions. And if you are using the GNU C library - (glibc), you will then need to install the /etc/nsswitch.conf - configuration file and the required /lib/libnss_* libraries in - order for the password and group functions to work. This generally - makes your embedded system quite a bit larger. - - Enabling this option will cause busybox to directly access the - system's /etc/password, /etc/group files (and your system will be - smaller, and I will get fewer emails asking about how glibc NSS - works). When this option is enabled, you will not be able to use - PAM to access remote LDAP password servers and whatnot. And if you - want hostname resolution to work with glibc, you still need the - /lib/libnss_* libraries. - - If you enable this option, it will add about 1.5k to busybox. + If you leave this disabled, busybox will use the system's password + and group functions. Most C libraries use large (~70k) + static buffers in these functions, and also combine them + with more general DES encryption/decryption routines. + For busybox, having large static buffers is undesirable, + especially so on NOMMU machines. + + These functions produce results which are identical + to corresponding C library functions. + + If you enable this option, it will add about 4.8k to busybox + if you are building dynamically linked executable. + In static build, it makes executable _smaller_ by about 1.2k. config ADDGROUP bool "addgroup" @@ -255,4 +277,3 @@ config VLOCK work properly. endmenu - -- cgit v1.2.3