remctl 2.15 released

Russ Allbery rra at stanford.edu
Sun Nov 29 23:08:29 EST 2009 

I'm pleased to announce release 2.15 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    Allow subcommand to be omitted on the remctl command line, which sends
    a command without a subcommand.  This makes available on the command
    line functionality that was already available via the library API.

    Add the special keyword EMPTY for the subcommand field in the remctld
    configuration file, specifying that this line should only match
    commands with no subcommands.

    Allow use of ALL in the command field in the remctld configuration
    file as well as the subcommand field, matching all commands.

    Fix read of uninitialized memory caused by moving one character beyond
    the beginning of the buffer when parsing blank lines in ACL files.

    Use a socket_type typedef rather than int directly to store the file
    descriptors of sockets and, on Windows, typedef that to SOCKET instead
    of int.  Update the function signatures of the network utility
    functions appropriately.  Compare socket_type variables against an
    INVALID_SOCKET define instead of -1.  Fixes portability issues to
    64-bit Windows.  Thanks, Jeffrey Altman.

    For the Windows build, get the current version number from
    configure.ac rather than configure so that the Windows build scripts
    work from a Git checkout.  Link with the correct GSS-API library for
    64-bit Windows builds.  Correct or suppress multiple warnings.
    Thanks, Jeffrey Altman.

    Enable Automake silent rules.  For a quieter build, pass the
    --enable-silent-rules option to configure or build with make V=0.

    Update to rra-c-util 2.1:

    * Revert separation of die into a separate object file.
    * Fall back on manual library probing if krb5-config doesn't work.
    * Don't try to use a non-executable krb5-config for GSS-API probes.
    * Suppress error output from krb5-config GSS-API probes.
    * Prefer KRB5_CONFIG over a path constructed from --with-gssapi.
    * Fix network test suite failures when IPv6 is available but disabled.

    Update to C TAP Harness 1.1:

    * Summarize results at the end of test execution.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list