remctl 2.5 released
Russ Allbery
rra at stanford.edu
Sun Feb 4 00:40:46 EST 2007
I'm pleased to announce release 2.5 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh. remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    Automatically use a continued MESSAGE_COMMAND if the total command
    length is larger than 64KB (minus token overhead). The remctl client
    library can now send arbitrarily large commands, at some cost in
    memory consumption on the client and server. The server is still
    limited by the OS-imposed maximum length of a command line.

    When the server runs a command, open /dev/null for standard input
    rather than leaving standard input closed. Some programs don't cope
    with a closed standard input.

    Audited memory handling of buffers sent to and read from the network
    and closed several memory leaks.

    Use the same limit (1MB) on token size everywhere. Enforce the
    protocol limit on unencrypted data size (64KB) in both the server and
    when sending messages in the client.

    Correctly handle a zero-length argument at the end of a command in the
    server. Previously, that argument was ignored.

    Check that the expected argument count matches the count of arguments
    seen in the server and that all of the client data was consumed when
    parsing arguments.

    Add a newline to the end of error messages when converting to protocol
    version one replies. The old remctl client didn't add a newline.

    Document the limits on token size and unencrypted data size in the
    protocol specification. Improve the protocol documentation for the
    continue status for MESSAGE_COMMAND. Use octet instead of byte
    uniformly.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

Debian packages will be uploaded to Debian unstable after the etch
release. In the meantime, they are available for unstable and stable from
my personal repository. See:

    <http://www.eyrie.org/~eagle/software/debian.html>

for more details.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
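
The argument-parsing checks listed in the changelog above (argument count matches, all client data consumed, a zero-length final argument accepted), as an added example that is not part of the announcement and not remctl's own code. The wire layout (4-octet big-endian count, then length-prefixed arguments), MAX_ARGS, and every name here are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ARGS 64 /* hypothetical cap for this sketch */
struct arg { const uint8_t *data; uint32_t len; };
enum status { ARGS_OK, ARGS_TRUNCATED, ARGS_TOO_MANY, ARGS_TRAILING };

/* Constructed sample: count 2, then "ls" and a zero-length final argument. */
static const uint8_t sample[] = { 0,0,0,2, 0,0,0,2, 'l','s', 0,0,0,0 };

static uint32_t get_u32(const uint8_t *p)
{
    return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
           | ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

/* Assumed layout: 4-octet big-endian count, then for each argument a
 * 4-octet big-endian length followed by that many octets of data. */
enum status parse_args(const uint8_t *buf, size_t len, struct arg *out,
                       uint32_t *count)
{
    size_t pos = 4;
    uint32_t expected, alen, i;

    if (len < 4)
        return ARGS_TRUNCATED;
    expected = get_u32(buf);
    if (expected > MAX_ARGS)
        return ARGS_TOO_MANY;
    for (i = 0; i < expected; i++) {
        if (len - pos < 4) /* fewer arguments present than claimed */
            return ARGS_TRUNCATED;
        alen = get_u32(buf + pos);
        pos += 4;
        if (alen > len - pos) /* compare to space left: cannot overflow */
            return ARGS_TRUNCATED;
        out[i].data = buf + pos; /* alen == 0 is a valid empty argument */
        out[i].len = alen;
        pos += alen;
    }
    if (pos != len)
        return ARGS_TRAILING; /* client data left unconsumed */
    *count = expected;
    return ARGS_OK;
}

int main(void)
{
    struct arg args[MAX_ARGS];
    uint32_t n = 0;
    printf("status=%d\n", (int) parse_args(sample, sizeof(sample), args, &n));
    return 0;
}
```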