remctl 2.10 released

Russ Allbery rra at stanford.edu
Sun Aug 26 17:10:01 EDT 2007


I'm pleased to announce release 2.10 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and
can be set separately for each command, unlike with rsh.  remctl is like
a Kerberos-authenticated simple CGI server, or a combination of Kerberos
rsh and sudo without most of the features and complexity of either.

Changes from previous release:

    Include a rewritten Java client and a Java server implementation, both
    by Marcus Watts.  The rewritten Java client supports protocol version
    two and works with Sun Java 1.4.2, 5, and 6.

    Fix a (non-exploitable) remctld crash when the client sent more
    command arguments than it claimed it was going to send.  Thanks,
    Marcus Watts.  Also added a test with a variety of malformed command
    tokens in an effort to keep bugs like this from going unnoticed in the
    future.

    The remctl client now also requests sequence protection, but the
    client and server do not insist on it or on replay protection since
    Heimdal 0.6 doesn't support replay protection.  This has been
    documented in the protocol specification as well.

    remctld when running in stand-alone mode now removes the PID file (if
    any) and exits cleanly after receiving SIGINT or SIGTERM.  Based on a
    patch by Marcus Watts.

    remctld when running in stand-alone mode now re-reads its
    configuration file file after receiving a SIGHUP.

    Don't self-destruct after an hour in stand-alone mode, fixing a bug
    introduced in 2.8.

    The libremctl client library now uses symbol versioning on Linux.

    Allow port and principal to be omitted in calls to Net::Remctl::open,
    matching the documentation.  Thanks, Marcus Watts.

    Include a dummy symbol in libportable so that it always contains at
    least one object.  Fixes compilation problems on Mac OS X 10.4 and
    Solaris 10.

    Fix builds outside the source directory by creating the docs directory
    properly, based on a patch by Marcus Watts.  Also fix make clean and
    the POD tests when run outside the source directory.

    Change the Net::Remctl documentation for remctl() to suggest 0 and the
    empty string as default values for port and principal, since this
    avoids Perl warnings.

    Check for the MIT Kerberos GSS-API library first in reduced dependency
    mode for improved reproducibility of the Debian build.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list