I'm pleased to announce release 2.3 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication. Which
commands a given user can execute is controlled by a configuration file
and ACL files and can be easily tightly limited, unlike with rsh. It's
like a Kerberos-authenticated simple CGI server, or a combination of
Kerberos rsh and sudo without most of the features and complexity of

Changes from previous release:

Increase the maximum number of arguments the server will accept for a
command to 4096 from 64. This is an arbitrary limit to protect
against memory-consumption denial-of-service attacks.

Document the exit status of the remctl client.

Add the -S flag to remctld, which tells it to log to standard output
and standard error rather than syslog. Use this flag in the test
suite so that make check doesn't spew into a system's syslog.

Require Automake 1.10 and Autoconf 2.60 and use AC_CONFIG_LIBOBJ_DIR
to locate replacements for missing system functions. This means that
an Automake patch is no longer required for bootstrapping and remctl
will now work with stock Autoconf and Automake.

You can download it from:

Debian packages will be uploaded to Debian unstable. In the meantime, you
can get packages for both etch and sarge from my personal repository at:

deb http://archives.eyrie.org/debian unstable main
deb-src http://archives.eyrie.org/debian unstable main

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)