remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication. Which
commands a given user can execute is controlled by a configuration file
and ACL files and can be easily tightly limited, unlike with rsh.

remctld is very similar to a CGI server that uses a different network
protocol than HTTP and always does strong authentication before executing
the desired command. Alternately, you can think of it as a very simple
combination of Kerberos rsh and sudo, without most of the features of both
but with simpler authorization.

As I talked about briefly at the AFS/Kerberos Best Practices Workshop,
I've been working on a significant rewrite of remctl with a new wire
protocol and more flexibility for future enhancements. This version is
now complete and available for public use. Please note that this is a 2.0
release, which means that there are almost certainly minor issues that
will require a follow-on release (such as a missing release date in the
NEWS file...).

You can get the current release from:



It works with both MIT Kerberos and Heimdal. Since remctl uses GSS-API,
it may work with any GSS-API implementation, but those are the only two
that I've tested it with. Further testing and bug reports about either
portability or any other issues are greatly appreciated.

remctl comes with a reasonably comprehensive test suite, although to test
most of the protocol functions you will need to provide it with a keytab.
Please see the instructions in README on how to run the test suite.

The remctl protocol specification is at:



It's still not wonderful, but it works and it's reasonably simple.
Feedback on the protocol is also welcome. Since there is currently only
one implementation, the protocol is at this point more open to revision
than it may be eventually.

We use remctl at Stanford for privileged command delegation, monitoring,
service provisioning, mail checking, account creation, and just about
every other remote command execution purpose that you can think of. Note,
though, that we've not yet deployed remctl 2.0 widely, so this version
isn't as heavily tested as previous versions (yet).

--
Russ Allbery (rra@stanford.edu)