tcb scheme implemented for Owl

From: Rafal Wojtczuk (nergal@private)
Date: Thu Nov 15 2001 - 13:56:58 PST


Hello,
	You may have noticed that recently a new package named "tcb" has been 
added to Owl-current. It features the new implementation of pam_unix module
and the new method of storing password hashes. The interesting point is if 
you invest your time in reading tcb(5) and tcb_convert(8) man pages, you
will be able to configure your Owl system so that many utilities can run
with low privileges. Most notably, passwd(1) does not need to be suid root.
	Currently, new features are disabled by default. Soon during install
time one will be given a choice between the old shadowed passwords scheme and 
the new tcb scheme. Meanwhile, we encourage you to test new tcb features and
share with owl-users@private the experience gained.
	You may also be interested that on 23-25th November there will be held
a Linux conference, which will feature a talk on Owl. The event is named
JWGL (http://www.7bulls.com/JWGL), it is held near Warsaw, Poland. It is the 
fourth edition of the conference which focuses on professional Linux and GNU
software appliances. The event is mostly local (the speeches are given in 
Polish), but if you want to meet Richard Stallman personally, this is the 
occasion :)
	The JWGL Owl talk will cover amongst others:
	- Owl security and design concepts
	- software developed for the needs of Owl 
	- generic methods to improve software security (examples from Owl) 
	- the tcb scheme: the "least privilege" rule in flesh 

Save yourself,
Nergal
      



This archive was generated by hypermail 2.1.3 : Sun Jan 15 2006 - 13:43:15 PST