kadmin-remctl 2.2 released

Russ Allbery rra at stanford.edu
Thu Jul 31 23:23:04 EDT 2008

I'm pleased to announce release 2.2 of kadmin-remctl.

kadmin-remctl provides a remctl backend that implements basic Kerberos
account administration functions (create, delete, enable, disable, reset
password, examine) plus user password changes and a call to strength-check
a given password.  It can also provide similar management of instances and
creation, deletion, and management of accounts in MIT Kerberos, Active
Directory, and an AFS kaserver where appropriate.  Also included is a
client for privileged users to use for password resets.  Many of the
defaults and namespace checks are Stanford-specific, but it can be
modified for other sites.

Changes from previous release:

    As of this release, AFS kaserver support is frozen and no longer
    tested.  It may be removed in a future release if there is significant
    code restructuring.

    Close the kasetkey output file descriptor before checking its exit
    status so that we get accurate results.

    Produce better error messages if REMOTE_USER isn't set in the
    environment when checking authorization for instance management and
    document the use of REMOTE_USER in the man page.

You can download it from:


As of this release, kadmin-remctl is now maintained in Git.  See the above
URL for more details.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list