Projects / Openwall tcb suite

Openwall tcb suite

The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).

Operating Systems

Recent releases

  •  17 Jul 2011 13:42

    Release Notes: The default hash encoding prefix has been changed from "$2a$" to "$2y$" (which requires crypt_blowfish 1.2 or newer).

    •  13 Jun 2010 15:45

      Release Notes: A faulty check for sparse files has been removed as needed for compatibility with modern filesystems such as btrfs.

      •  25 Feb 2010 22:21

        Release Notes: The .data section size has been reduced by 256 KB when tcb is compiled against Linux 2.6 kernel headers.

        •  12 Feb 2010 07:38

          Release Notes: A non-security buffer overflow bug with more than NGROUPS_MAX groups per user has been fixed. The Makefiles have been cleaned up.

          •  08 Apr 2009 19:39

            Release Notes: Child processes spawned by pam_tcb will now always use _exit(2) rather than exit(3) to avoid triggering side effects. When changing passwords, pam_tcb will now fsync(2) the temporary file prior to renaming it over the actual shadow file, as needed on filesystems with not entirely atomic rename(2) (XFS).


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.