remctl 3.18 released
Russ Allbery
eagle at eyrie.org
Mon May 9 00:58:58 EDT 2022
I'm pleased to announce release 3.18 of remctl.
remctl is a client/server application that supports remote execution of
specific commands, using Kerberos GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh. remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos ssh
and sudo without most of the features and complexity of either.
Changes from previous release:
Add support for PCRE2 for pcre ACLs and use it by preference over
PCRE1 if it is found. UTF-8 regular expressions are not enabled by
default, but can be enabled by adding (*UTF) to the beginning of the
regular expression (a standard PCRE2 feature not specific to remctl).
Document that pcre and regex ACL expressions are not automatically
anchored at the start and end of the principal name, so they should be
explicitly anchored in the configuration unless one intends to allow
partial matches.
The Perl libraries and the remctl test suite now require Perl 5.10 or
later.
Document sending SIGHUP to remctld when running in stand-alone mode to
ask it to re-read its configuration file, and document that SIGTERM
will cause it to exit. (Fixes #30)
Mark remctl client library functions that allocate memory with their
corresponding deallocation functions so that GCC 11 and later can
diagnose memory deallocation bugs.
Remove remaining references to pytest-runner in the Python bindings.
Thanks, Ken Dreyer.
Switch the Ruby bindings tests to Minitest from Test::Unit. Thanks,
Ken Dreyer.
Update to rra-c-util 10.2:
* Fix IN6_ARE_ADDR_EQUAL Autoconf probe on macOS.
* Fix compiler flag probes with Clang.
* Check that Kerberos headers can be included.
* Fix util/fdflag test on Solaris 11 and OpenBSD.
* Suppress some additional warnings in GCC 10.
You can download it from:
<https://www.eyrie.org/~eagle/software/remctl/>
This package is maintained using Git; see the instructions on the above
page to access the Git repository.
Debian packages have been uploaded to Debian unstable.
Please let me know of any problems or feature requests not already listed
in the TODO file.
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list