Password authentication for web and mobile apps (e-book)

tcb - the alternative to /etc/shadow

The tcb package contains core components of our tcb suite implementing the alternative password shadowing scheme on Owl. It is being made available separately from Owl primarily for use by other distributions. Note that you need to have the password hashing framework introduced with crypt_blowfish patched into glibc to compile and use this.

The package consists of three components: pam_tcb, libnss_tcb, and libtcb.

pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. libnss_tcb is the accompanying NSS module. libtcb contains code shared by the PAM and NSS modules and is also used by user management tools on Owl due to our shadow suite patches.

Please refer to our presentation slides on Owl, in particular starting with this slide, for more information.


This and older revisions of tcb are also available from the Openwall file archive. The source code of the tcb suite may be browsed via CVSweb. Also you may check out the change log.

Follow this link for information on verifying the signatures.

The tcb suite has been designed and implemented primarily by Rafal Wojtczuk with significant contributions from Solar Designer and Dmitry V. Levin. The program structure of pam_tcb and tcb_chkpwd has been influenced by that of Linux-PAM pam_unix.

tcb is fully integrated into Owl, distributions by ALT Linux team, and Mandriva Linux 2009 and up (and later in Mageia). It is available for Gentoo Linux.
/etc/tcb is natively supported in musl - a lightweight libc for Linux.

The tcb suite is a registered project with Open Hub.

You may want to check out these other PAM modules.

Quick Comment:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ