remctl 2.16 released

Russ Allbery rra at stanford.edu
Sun May 2 21:50:39 EDT 2010


I'm pleased to announce release 2.16 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    Add Ruby bindings contributed by Anthony M. Martinez, enabled with
    --enable-ruby at configure time.  These bindings are tested with Ruby
    1.8 and may not work with older versions.  See ruby/README for more
    information.

    remctld now includes support for a PCRE (Perl-compatible regular
    expressions) ACL type if the PCRE library is found at configure time.
    A PCRE ACL matches any user whose identity matches the given
    Perl-compatible regular expression.  Based on work contributed by
    Anton Lundin.

    remctld now includes support for a POSIX regex ACL type if the system
    supports the POSIX regex API.  A regex ACL matches any user whose
    identity matches the given POSIX extended regular expression.  Based
    on work contributed by Anton Lundin.

    remctld now sets the environment variable REMCTL_COMMAND to the
    command (not subcommand or arguments) that causes a program to be
    run.  Thanks, Thomas L. Kula.

    remctld -h now reports the list of supported ACL methods for that
    build of remctld.

    Add an example SMF manifest for the remctld daemon in
    examples/remctld.xml.  Contributed by Peter Eriksson.

    Fix PHP test suite to work with PHP 5.3, which no longer passes
    environment variables down to the running test program.

    Stop passing GCC-specific warning suppression flags into the language
    binding build systems unless the compiler used to build remctl is GCC.
    This still isn't quite right, since the language bindings may use a
    different compiler than the main remctl build, but it should be closer
    than the previous behavior of using GCC flags unconditionally.

    Update to rra-c-util 2.4:

    * Improve network error handling with unknown address domains.
    * Disable xmalloc test except for maintainers.
    * Break util/util.h apart into separate header files.
    * Add additional GCC function attributes to utility libraries.
    * Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]).

    Update to C TAP Harness 1.2:

    * Summarize results at the end of test execution.
    * Add diag and sysdiag functions to the basic TAP library.
    * Clean up data types in the basic C TAP library.
    * Add the GCC nonnull attribute to the TAP library bail functions.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list