Owl: tcb - the alternative to shadow Each user is assigned a separate shadow file Each user is the owner of their shadow file Access to shadow files is group-restricted to allow for password policy enforcement The move to tcb is transparent for existing applications which rely on interfaces such as getspnam(3) (and thus on NSS) or PAM; no modifications to application sources are needed