remctl 3.3 released

Russ Allbery rra at stanford.edu
Wed Sep 26 00:52:56 EDT 2012


I'm pleased to announce release 3.3 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    Fix a file descriptor leak when checking ACL files.  This would cause
    long-running remctld processes to eventually run out of available file
    descriptors.

    Fix some memory leaks when reloading the remctld configuration and
    several memory leaks when closing or reusing client connections in
    libremctl.

    Don't create the remctld PID file until the network socket is bound
    and listening.  This helps init scripts starting the daemon to know
    when startup is complete and the service is available.

    Remove prototypes from the Perl remctl() function.  With prototypes,
    the connection and command information could not be provided via an
    array, since the prototype forces it into scalar context.

    Fix build dependencies for language bindings to work with parallel
    builds and pass CPPFLAGS down to the language binding build systems.

    Update to rra-c-util 4.6:

    * Drop concat from the util library in favor of asprintf.
    * Fail on any error in [bx]asprintf and [bx]vasprintf.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian experimental.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list