remctl 3.16 released

Russ Allbery eagle at
Sat Oct 26 17:27:15 EDT 2019

I'm pleased to announce release 3.16 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh.  remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos ssh
and sudo without most of the features and complexity of either.

Changes from previous release:

    The Python bindings now support Python 3.  They have been tested only
    with Python 2.7 and Python 3.7, but should work with any version of
    Python 3 later than Python 3.1.

    The Python bindings have been modernized to remove obsolete syntax,
    which may mean that versions of Python back to Python 2.3 are no
    longer supported.  The bindings are only tested with Python 2.7.
    Passing in anything other than an iterable of str or bytes as the
    command to run is deprecated and support for using objects that can be
    converted to str in commands will be removed in a future release.

    Update the Python bindings documentation to use proper Python types
    and to document how str and bytes values are handled.

    Building the Python bindings now requires the setuptools, pytest,
    pytest-runner, and typing Python modules.

    Add -t flag to the remctl client to specify the network timeout.
    Thanks, Remi Ferrand.

    Fix NULL pointer dereference in the client library if allocation of
    memory fails, caught by cppcheck.

    Add GCC attributes to the declarations of the libremctl client
    functions, which will allow some minor optimization improvements and
    better compiler errors about NULL pointers.

    Check for minimum versions of Perl or Python during configure if
    building the Perl or Python bindings is requested.

    More correctly handle user-supplied CFLAGS in combination with make
    warnings when building the PHP bindings.  Add the warning flags to
    AM_CFLAGS instead of CFLAGS and pass user-supplied CFLAGS through to
    configure (but not the warning flags).  Thanks, Ken Dreyer.

    Fix Kerberos library probing with --enable-reduced-depends and
    correctly suppress probing for Kerberos library features when no
    Kerberos library is present.

    Update to rra-c-util 8.0:

    * Skip more Automake files in tests.
    * Fix warnings with current versions of GCC and cppcheck.

    Update to C TAP Harness 4.5:

    * Fix error checking for malloc failure in bstrndup.

You can download it from:


This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.  There may be a bit
of delay due to NEW processing.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (eagle at             <>

More information about the Kerberos mailing list