Provisioning and administrative tools for MIT KDC

[Russ Allbery]

"Greg Wallace" <greg at emusoftware.com> writes:

> At the Fedora Users and Developer Conference yesterday they announced a
> new remote maagement project that might be interesting to people
> following this thread.
>
> You can find out more about it here:  https://fedorahosted.org/func

func a lot like remctl except with more access to the programming language
and a different authentication strategy.  It's yet another retread of a
very old idea (going back at least to the old IBM sysctl that used
Kerberos v4), also represented by CERN ARC and various other systems.  (I
think that both adm and Moira have some capabilities along these lines as
well.)

Our experience at Stanford was that we never actually needed to be able to
embed programs into the server and the additional complexity of supporting
that wasn't worth it, so remctl always runs an external program.  This has
worked quite well for us.

remctl doesn't use any of the XML languages in part because dealing with
the parsing libraries was too painful for the benefit gained in our
opinion when we started the project.  We wanted something with a
lightweight server that didn't require dependencies on scripting languages
since at the time we had a huge Solaris infrastructure.  These days, with
Linux being more common, the Python dependencies aren't as big of a deal.

You can get remctl from <http://www.eyrie.org/~eagle/software/remctl/>.
It's in widespread production use at Stanford.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>