Openwall tcb suite
The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).
| Tags | Software Development Libraries Application Frameworks Security Cryptography Systems Administration |
|---|---|
| Licenses | GPL BSD Original |
| Operating Systems | POSIX Linux |
| Implementation | C |
Recent releases
- 09 Apr 2009 00:08
Changes: Child processes spawned by pam_tcb will now always use _exit(2) rather than exit(3) to avoid triggering side effects. When changing passwords, pam_tcb will now fsync(2) the temporary file prior to renaming it over the actual shadow file, as needed on filesystems with not entirely atomic rename(2) (XFS).
- 20 Jun 2007 22:13
Changes: pam_sm_open_session() has been hardened to fail for unknown users. Memory leaks in the PAM module and tcb_chkpwd helper have been fixed.
- 29 Dec 2005 14:20
Changes: Support for OpenPAM and for the new interfaces provided by Linux-PAM 0.99.1.0 and above has been implemented (older versions of Linux-PAM continue to be supported). The list of global symbols exported by the library, NSS, and PAM modules has been restricted. The PAM module will no longer invoke openlog(3)/closelog(3) by default (according to the new Linux-PAM convention), unless the new option "openlog" is specified.
- 03 Jul 2004 18:28
Changes: This release corrects the usage of readdir(3) in tcb_unconvert for glibc 2.3+.
- 02 Nov 2003 16:05
Changes: The PAM module will now be built with -fPIC, and FAKEROOT has been renamed to DESTDIR.
