remctl 3.8 released

Russ Allbery eagle at eyrie.org
Tue Jan 28 23:43:48 EST 2014


I'm pleased to announce release 3.8 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    The remctld server now uses libevent for the event loop that processes
    output from a command.  This is primarily an internal change to
    improve maintainability, but it does have some noticeable if minor
    benefits: primarily, no need to poll for child process exit every five
    seconds, and therefore faster responsiveness and less resource usage
    in each remctld process.  libevent 1.4.4 or later is now required to
    build remctl.

    Rather than capping the data returned by the server in one
    MESSAGE_OUTPUT token at the rather arbitrary length of 65,000 octets,
    send up to the maximum amount of data permitted by the protocol.  This
    also slightly increases the maximum length of the output returned
    under the version one protocol.

    Fix a minor memory leak in the server when processing help commands.

    Fix a GSS-API context leak in the remctl client when failing to send a
    protocol version one token.

    Use a temporary file and atomic rename when writing the server PID
    file to avoid racing with a process monitor that tries to read the PID
    out of the file before it's written.

    Update to rra-c-util 5.2:

    * Assume calloc initializes pointers to NULL.
    * Assume free(NULL) is properly ignored.
    * Suppress shell errors from systemd probes without pkg-config.
    * Better logging and shutdown of subprocesses during testing.

    Update to C TAP Harness 3.0:

    * Reopen standard input to /dev/null when running a test list.
    * Don't leak extraneous file descriptors to tests.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>
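
The PID-file change listed in the release notes above (temporary file plus atomic rename), sketched as an added example that is not part of the original announcement and is not remctl's own code. The function name, the 0644 mode and the fsync() call are assumptions made for illustration.

```c
/* Added illustration, not remctl source; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Write pid to path so that a concurrent reader sees either the old file
 * or the complete new one, never an empty or partial file.  Returns 0 on
 * success, -1 on failure with errno set.
 */
int
write_pid_file_atomic(const char *path, pid_t pid)
{
    char tmp[4096], buf[32];
    int fd, len, rc, saved;

    /* Same directory as the target, so rename() stays on one file system. */
    len = snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path);
    if (len < 0 || (size_t) len >= sizeof(tmp)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = mkstemp(tmp);          /* exclusive create, mode 0600 */
    if (fd < 0)
        return -1;
    len = snprintf(buf, sizeof(buf), "%ld\n", (long) pid);
    if (write(fd, buf, (size_t) len) != (ssize_t) len
        || fchmod(fd, 0644) < 0     /* assumed: monitor runs as another user */
        || fsync(fd) < 0)
        goto fail;
    rc = close(fd);
    fd = -1;
    if (rc < 0 || rename(tmp, path) < 0)    /* atomic replace of path */
        goto fail;
    return 0;

fail:
    saved = errno;
    if (fd >= 0)
        close(fd);
    unlink(tmp);
    errno = saved;
    return -1;
}
```

Writing the file in place with open() and write() leaves a window in which a monitor can read an empty file; with the rename, the path only ever names a fully written file.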

