NAME<\/a> set_tcb<\/b> \u2212 Wrapper script to convert between shadow and tcb passwords<\/p>\n The tcb package is an alternative to the traditional shadow password scheme, developed by the Openwall Project. It provides the tools tcb_convert(8) and tcb_unconvert<\/b>(8) which converts the actual password files between the \/etc\/shadow<\/i> format and the \/etc\/tcb<\/i> format. These tools do not change other required files, such as PAM files, login.defs<\/i>, or nsswitch.conf<\/i>(5). set_tcb<\/b>(8) makes those changes as well as calling the required tcb conversion tool.<\/p>\n set_tcb comes with some very basic options:<\/p>\n –tcb<\/b><\/p>\n<\/td>\n Converts from shadow passwords to tcb passwords, by modifying \/etc\/login.defs<\/i>, \/etc\/nsswitch.conf<\/i>, and \/etc\/pam.d\/system-auth<\/i>.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n –shadow<\/b><\/p>\n Converts from tcb passwords to shadow passwords, by modifying \/etc\/login.defs<\/i>, \/etc\/nsswitch.conf<\/i>, and \/etc\/pam.d\/system-auth<\/i>.<\/p>\n –hash<\/b><\/p>\n<\/td>\n Configures the system to use the specified password hash. Available choices are \u2019md5\u2019, \/etc\/login.defs<\/i> and \/etc\/pam.d\/system-auth<\/i>. set_tcb does not support using DES crypt passwords.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n –migrate<\/b><\/p>\n Configures the system to use pam_tcb instead of pam_unix. Although pam_tcb operates well enough when called as pam_unix, a number of features are not supported until they are specified in \/etc\/pam.d\/system-auth<\/i>, such as selection of password hash. This option will replace calls to pam_unix with calls to pam_tcb and add the supported options. It will also enable blowfish passwords by default. Finally, it will add TCB\/CRYPT-related keywords to \/etc\/login.defs<\/i> if required and comment out the PASS_MIN_LEN option which TCB does not use\/understand.<\/p>\n –revert<\/b><\/p>\n In the unlikely event you wish to revert from using pam_tcb to the original pam_unix, you can do so with this switch. It will replace all calls to pam_tcb with original options to pam_unix. As a result, you will be unable to use alternate password hashes such as blowfish because pam_unix does not understand them, although it will authenticate against alternate password hashes. New passwords will be in the traditional md5 format. It will also uncomment the PASS_MIN_LEN option and comment the USE_TCB option.<\/p>\n –nis<\/b><\/p>\n<\/td>\n Configures \/etc\/pam.d\/system-auth<\/i> to support authentication against NIS. Because NIS passwords are not shadow passwords (functionally equivalent to using \/etc\/passwd<\/i> rather than \/etc\/shadow<\/i> to store passwords), pam_tcb must be told to also look at passwd as a source of passwords instead of just shadow (or tcb). If you are using NIS+ you may also have to manually modifiy system-auth<\/i> and add the “nisplus” option (see pam_tcb<\/b>(8) for more details).<\/p>\n<\/td>\n<\/tr>\n<\/table>\n When set_tcb converts a password type, it will automatically remove the old password format. For instance, when converting to tcb, it will remove \/etc\/shadow<\/i> upon successful completion.<\/p>\n set_tcb exits with exit status 1 on any failures. No files are replaced on failure. set_tcb exits with exit status 0 on successful conversion.<\/p>\n
OVERVIEW<\/a>
COMMANDS<\/a>
EXIT STATUS<\/a>
SEE ALSO<\/a>
AUTHORS<\/a> <\/p>\n
\nNAME <\/a> <\/h2>\n
OVERVIEW <\/a> <\/h2>\n
COMMANDS <\/a> <\/h2>\n
\n
\n <\/td>\n \n <\/td>\n \n \n
\n <\/td>\n \n <\/td>\n \n \n
\n <\/td>\n \n <\/td>\n \n EXIT STATUS <\/a> <\/h2>\n
SEE ALSO <\/a> <\/h2>\n