remctl 2.8 released
Russ Allbery
rra at stanford.edu
Wed Jun 27 21:16:24 EDT 2007

I'm pleased to announce release 2.8 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh. remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

Add a Net::Remctl Perl module, optionally compiled (and enabled with
the --enable-perl configure flag), that provides native Perl bindings
to the libremctl client library.

Fix various null pointer dereferences in the simplified remctl client
library call when the server returns an error.

When running in stand-alone mode, remctld now forks a new child for
each incoming connection and can therefore handle multiple
simultaneous connections. This makes stand-alone mode useful for more
than just testing. Also, remctld now backgrounds itself by default in
stand-alone mode; disable this with the -F flag. Based on a patch by
Andrew Mortensen.

Add a new -k flag to remctld to tell it to use a non-default keytab.
Thanks, Andrew Mortensen.

Default to port 4444 in the library if a port of 0 is passed in, and
(following the documentation) default to host/<hostname> if a NULL
principal is passed in.

remctld now exits properly when it can't parse its configuration file
rather than proceeding with a null configuration.

Fix problems with the parameter types for GSS-API memory freeing
functions in some error cases.

In the test suite, fix the kinit flags for MIT Kerberos 1.6.

You can download it from:
<http://www.eyrie.org/~eagle/software/remctl/>

Debian packages have been uploaded to Debian unstable. Due to the new
Perl module package, they'll require NEW processing; it may be a few weeks
before they're available.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>