The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).
|Tags||Software Development Libraries Application Frameworks Security Cryptography Systems Administration|
|Licenses||GPL BSD Original|
|Operating Systems||POSIX Linux|
Release Notes: The default hash encoding prefix has been changed from "$2a$" to "$2y$" (which requires crypt_blowfish 1.2 or newer).
Release Notes: A faulty check for sparse files has been removed as needed for compatibility with modern filesystems such as btrfs.
Release Notes: The .data section size has been reduced by 256 KB when tcb is compiled against Linux 2.6 kernel headers.
Release Notes: A non-security buffer overflow bug with more than NGROUPS_MAX groups per user has been fixed. The Makefiles have been cleaned up.
Release Notes: Child processes spawned by pam_tcb will now always use _exit(2) rather than exit(3) to avoid triggering side effects. When changing passwords, pam_tcb will now fsync(2) the temporary file prior to renaming it over the actual shadow file, as needed on filesystems with not entirely atomic rename(2) (XFS).