I'm pleased to announce release 2.4 of remctl.

remctl is a client/server application that supports remote execution of
specific commands, using Kerberos v5 GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh. remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.

Changes from previous release:

IPv6 support is now automatically enabled on systems that support it.
The remctl code uniformly uses the new IPv6-aware host and address
functions, using replacements on systems that don't provide them in
libc. Thanks to Jonathan Kollasch for the initial patch.

When sending tokens, correctly check for network errors rather than
ignoring them due to a miswritten test.

In the remctl command-line client, print a newline after protocol
error messages from the server.

Add error messages to the protocol specification for sending too many
arguments in a command and sending too much data with a command.
Return the more specific error message if the number of command
arguments exceed the current hard-coded limit rather than just
reporting a bad command token.

Don't use $< in non-pattern rules (again), fixing a build error on
some systems with non-GNU make (although since the generated man
pages are part of the distribution, only those modifying the POD
source would have seen this error).

You can download it from:

Debian packages will be uploaded to Debian unstable after the etch release
and in the meantime are available from my personal repository (see
for more information).

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)
Kerberos mailing list Kerberos@mit.edu