remctl 3.5 released

Russ Allbery rra at stanford.edu
Sat Jun 29 01:07:59 EDT 2013


I'm pleased to announce release 3.5 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    Fix a long-standing race condition in remctld (introduced in remctl
    2.7) that could truncate large backend output if the backend program
    exits immediately after sending that output.  On systems with pipe
    buffers larger than 64KB, remctld could discard some buffered output
    after determining that the child had exited.  remctld now polls for
    and continues to process output from the child until no more is
    immediately available, even after the child has exited.

    If a Kerberos library and gss_krb5_import_cred are available at build
    time, libremctl now uses them to implement remctl_set_ccache to avoid
    affecting global program GSS-API state.  If those requirements are
    met, remctl_set_ccache will only affect the remctl context on which
    it's called.

    The version numbers of the Net::Remctl and Net::Remctl::Backend Perl
    modules now match the versions of the remctl package, but with at
    least two digits for the minor version so that, for example, 3.9
    (which becomes 3.09) and 3.10 will sort properly as numbers.  This
    means that, from Perl's perspective, the version numbers have gone
    backwards in this release relative to earlier 3.0 releases.  This is a
    one-time adjustment to a more reliable versioning scheme.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list