remctl 3.13 released

Russ Allbery eagle at eyrie.org
Mon Oct 10 23:20:37 EDT 2016 

I'm pleased to announce release 3.13 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

    remctl-shell now also supports being run as a forced command from
    authorized_keys (or other methods).  This may be preferrable to using
    it as a shell since it doesn't require setting non-standard sshd
    options.

    The summary configuration option is now allowed for commands with
    subcommands other than ALL.  When generating a help summary (done in
    response to the command "help" with no arguments), command lines with
    a subcommand and a summary option will be run with two arguments: the
    value of the summary option and then the subcommand.  This allows
    proper generation of command summaries even for users who only have
    access to a few subcommands of a command.  Patch from Remi Ferrand.

    The build system now supports new REMCTL_PROGRAM_CFLAGS and
    REMCTL_PROGRAM_LDFLAGS variables that can be set at build time to pass
    in additional arguments when compiling and linking programs (like
    remctl and remctld) but not libraries and, more importantly, language
    bindings.  This can be used in distribution builds to pass in -fPIE
    for additional binary hardening.  (CFLAGS and LDFLAGS cannot be used
    since -fPIE breaks the builds of the dynamic modules for langauges
    like Perl.)

    Update to rra-c-util 6.1:

    * Correct return-value checks for snprintf.
    * Adjust Test::RRA::Config for new load path behavior in Perl 5.22.2.

You can download it from:

    <http://www.eyrie.org/~eagle/software/remctl/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>

More information about the Kerberos mailing list