remctl 2.11 released
Russ Allbery
rra at stanford.edu
Fri Nov 9 14:48:47 EST 2007

I'm pleased to announce release 2.11 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh. remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

remctl now has an official port registered with IANA (4373), replacing
the original, poorly-chosen port of 4444. The previous port conflicts
with the krb524 service. The remctld server and example configuration
files have been changed to bind to port 4373 by default if no port is
specified. The client will attempt to connect to port 4373 first if
no port is specified and then fall back to trying 4444. All sites
running remctl are encouraged to upgrade their clients and then
migrate their servers to the new port. Support for the old port
without explicit configuration will be phased out in a future release.

Stop using stdout and stderr as structure members, fixing compilation
problems on AIX, NetBSD, and other platforms.

Fix (non-exploitable) segfaults in remctld when sent a command with a
type and no service (not permitted by the command-line client but
possible with the library API). Thanks to Marcus Watts for the
analysis.

Port to the Kerberos GSS-API implementation shipped with AIX 5.2.
Thanks to Sandor Sklar for bug reports and testing.

Improve the configuration file documentation in the remctld man page.
Document the first-match properties.

You can download it from:

<http://www.eyrie.org/~eagle/software/remctl/>

Debian packages will be uploaded to Debian unstable once ftp-master is
available again.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>