remctl 2.10 released
Russ Allbery
rra at stanford.edu
Sun Aug 26 17:10:01 EDT 2007
I'm pleased to announce release 2.10 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and
can be set separately for each command, unlike with rsh. remctl is like
a Kerberos-authenticated simple CGI server, or a combination of Kerberos
rsh and sudo without most of the features and complexity of either.

Changes from previous release:

Include a rewritten Java client and a Java server implementation, both
by Marcus Watts. The rewritten Java client supports protocol version
two and works with Sun Java 1.4.2, 5, and 6.

Fix a (non-exploitable) remctld crash when the client sent more
command arguments than it claimed it was going to send. Thanks,
Marcus Watts. Also added a test with a variety of malformed command
tokens in an effort to keep bugs like this from going unnoticed in the
future.

The remctl client now also requests sequence protection, but the
client and server do not insist on it or on replay protection since
Heimdal 0.6 doesn't support replay protection. This has been
documented in the protocol specification as well.

remctld when running in stand-alone mode now removes the PID file (if
any) and exits cleanly after receiving SIGINT or SIGTERM. Based on a
patch by Marcus Watts.

remctld when running in stand-alone mode now re-reads its
configuration file after receiving a SIGHUP.

Don't self-destruct after an hour in stand-alone mode, fixing a bug
introduced in 2.8.

The libremctl client library now uses symbol versioning on Linux.

Allow port and principal to be omitted in calls to Net::Remctl::open,
matching the documentation. Thanks, Marcus Watts.

Include a dummy symbol in libportable so that it always contains at
least one object. Fixes compilation problems on Mac OS X 10.4 and
Solaris 10.

Fix builds outside the source directory by creating the docs directory
properly, based on a patch by Marcus Watts. Also fix make clean and
the POD tests when run outside the source directory.

Change the Net::Remctl documentation for remctl() to suggest 0 and the
empty string as default values for port and principal, since this
avoids Perl warnings.

Check for the MIT Kerberos GSS-API library first in reduced dependency
mode for improved reproducibility of the Debian build.

You can download it from:

<http://www.eyrie.org/~eagle/software/remctl/>

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>