I'm pleased to announce release 3.18 of remctl. remctl is a client/server application that supports remote execution of specific commands, using Kerberos GSS-API for authentication. Authorization is controlled by a configuration file and ACL files and can be set separately for each command, unlike with rsh. remctl is like a Kerberos-authenticated simple CGI server, or a combination of Kerberos ssh and sudo without most of the features and complexity of either.
Changes from previous release: Add support for PCRE2 for pcre ACLs and use it by preference over PCRE1 if it is found. UTF-8 regular expressions are not enabled by default, but can be enabled by adding (*UTF) to the beginning of the regular expression (a standard PCRE2 feature not specific to remctl). Document that pcre and regex ACL expressions are not automatically anchored at the start and end of the principal name, so they should be explicitly anchored in the configuration unless one intends to allow partial matches. The Perl libraries and the remctl test suite now require Perl 5.10 or later. Document sending SIGHUP to remctld when running in stand-alone mode to ask it to re-read its configuration file, and document that SIGTERM will cause it to exit. (Fixes #30) Mark remctl client library functions that allocate memory with their corresponding deallocation functions so that GCC 11 and later can diagnose memory deallocation bugs. Remove remaining references to pytest-runner in the Python bindings. Thanks, Ken Dreyer. Switch the Ruby bindings tests to Minitest from Test::Unit. Thanks, Ken Dreyer. Update to rra-c-util 10.2: * Fix IN6_ARE_ADDR_EQUAL Autoconf probe on macOS. * Fix compiler flag probes with Clang. * Check that Kerberos headers can be included. * Fix util/fdflag test on Solaris 11 and OpenBSD. * Suppress some additional warnings in GCC 10. You can download it from: <https://www.eyrie.org/~eagle/software/remctl/> This package is maintained using Git; see the instructions on the above page to access the Git repository. Debian packages have been uploaded to Debian unstable. Please let me know of any problems or feature requests not already listed in the TODO file. -- Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos