changes since 2.11:

If no server principal is specified on the remctl command line or
in the remctl() or remctl_open() C or Perl library interfaces,
remctl now uses a host-based service name for the server instead
of a Kerberos principal of host/server. The practical effect of
this is that domain-realm mapping rules will be applied rather
than assuming the server's principal is in the local domain and,
for the C and Perl library interfaces, server name canonicalization
will be done if configured in the GSS-API library. Users of the
C or Perl library interfaces will find that remctl now authenticates
to a principal for the host after a forward and reverse DNS lookup
instead of the host specified in the API call with most GSS-API
libraries. To disable this canonicalization behavior, see your
GSS-API library documentation; setting rdns in [libdefaults] to
false works for MIT Kerberos. The remctl command-line client
continues to canonicalize its host argument always prior to any
network connection or GSS-API calls.
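
As an added illustration of the canonicalization the entry above describes (example code written for this page, not remctl's own client or library code): a forward lookup with AI_CANONNAME, then a reverse lookup of the resulting address, and the host-based service name "host@server" built from the outcome, which is the name form the entry says is now used instead of a host/server principal. The function names, and the fallback to the forward canonical name when no reverse record exists, are this example's assumptions; the entry only states that a forward and reverse lookup happen.

```c
/* Added example for this page; not remctl's own code. */
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Forward lookup of host with AI_CANONNAME, then a reverse lookup of the
 * first returned address. The reverse name wins; if there is no reverse
 * record, fall back to the forward canonical name (an assumption of this
 * example). Returns 0 and fills out on success, otherwise the nonzero
 * getaddrinfo() error code, printable with gai_strerror(). */
int canonicalize_host(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_CANONNAME;
    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;

    /* NI_NAMEREQD: fail rather than hand back a numeric address as a name. */
    if (getnameinfo(res->ai_addr, res->ai_addrlen, out, (socklen_t) outlen,
                    NULL, 0, NI_NAMEREQD) != 0) {
        const char *canon = res->ai_canonname != NULL ? res->ai_canonname : host;
        snprintf(out, outlen, "%s", canon);
    }
    freeaddrinfo(res);
    return 0;
}

/* The GSS-API host-based service name form ("host@server") that the entry
 * says is now the default, as opposed to the "host/server" principal form.
 * Returns 0 on success, -1 if out is too small. */
int hostbased_service_name(const char *canonical, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "host@%s", canonical);
    return (n < 0 || (size_t) n >= outlen) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char canon[256], service[300];
    const char *host = argc > 1 ? argv[1] : "localhost";
    int rc = canonicalize_host(host, canon, sizeof(canon));

    if (rc != 0) {
        fprintf(stderr, "%s: %s\n", host, gai_strerror(rc));
        return 1;
    }
    if (hostbased_service_name(canon, service, sizeof(service)) != 0)
        return 1;
    printf("%s -> %s -> %s\n", host, canon, service);
    return 0;
}
```

Run it with a server's host name as the argument to see which name a client would end up authenticating to; if the printed canonical name differs from the one the server's keytab was issued for, that is the situation the rdns setting mentioned above exists to control.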

Add documentation of hostname canonicalization and the choice of
authentication principals to the remctl client, remctl() and
remctl_open() C API, and Net::Remctl Perl API documentation.

Fix a place in libremctl where the library would call exit rather
than returning an error on memory allocation failure.

Standardize on lowercase first characters in library error strings.

Include the Windows port of the client done by Matthew Loar. See
README for information on requirements and compilation. Only the
client shared library and command-line utility are supported or
built currently. I cannot easily test this code and probably broke
it when integrating the patch; please report any problems so that
they can be fixed in subsequent releases.

When running the server in standalone mode, set the network file
descriptors close-on-exec so that they're not inherited by commands
run by remctl. Also close the low-numbered file descriptors before
running a command to catch the replay cache file, which isn't
marked close-on-exec in older versions of MIT Kerberos.
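
The two descriptor-hygiene steps in the entry above, as an added example (written for this page, not remctld's own code): marking a descriptor close-on-exec with fcntl(), and closing the low-numbered descriptors that are not needed by the command before it runs, which catches a file such as the replay cache that a library opened without FD_CLOEXEC. The function names, the starting descriptor of 3, and the demonstration's use of /dev/null in place of the replay cache and the command's pipe are assumptions of this example.

```c
/* Added example for this page; not remctld's own code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Mark a descriptor close-on-exec so a command exec'd by the server cannot
 * inherit it. Returns true on success. */
bool set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return false;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0;
}

/* True if fd is open and marked close-on-exec. */
bool is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags >= 0 && (flags & FD_CLOEXEC) != 0;
}

/* Close every descriptor in [3, max_fd) that is not listed in keep. This is
 * the second step from the entry: it catches descriptors opened by a library
 * (the replay cache file) that were never marked close-on-exec. Returns the
 * number of descriptors actually closed. */
int close_low_fds(int max_fd, const int *keep, size_t nkeep)
{
    int closed = 0;
    for (int fd = 3; fd < max_fd; fd++) {
        bool keep_it = false;
        for (size_t i = 0; i < nkeep; i++) {
            if (keep[i] == fd) {
                keep_it = true;
                break;
            }
        }
        if (!keep_it && close(fd) == 0)
            closed++;
    }
    return closed;
}

/* Demonstration: one descriptor stands in for a leaked replay cache file and
 * one for the pipe the command must keep; after cleanup only the leaked one
 * should be gone. Returns true if that is what happened. */
bool demo_fd_hygiene(void)
{
    int leaked = open("/dev/null", O_RDONLY);  /* stands in for the replay cache */
    int pipe_fd = open("/dev/null", O_RDONLY); /* stands in for the command's pipe */
    bool ok;

    if (leaked < 0 || pipe_fd < 0)
        return false;
    set_cloexec(pipe_fd);
    int keep[] = { pipe_fd };
    int max_fd = (leaked > pipe_fd ? leaked : pipe_fd) + 1;
    close_low_fds(max_fd, keep, 1);

    /* leaked must now be invalid (EBADF); pipe_fd must still be open. */
    ok = fcntl(leaked, F_GETFD) == -1 && errno == EBADF && is_cloexec(pipe_fd);
    close(pipe_fd);
    return ok;
}

int main(void)
{
    printf("fd hygiene demo: %s\n", demo_fd_hygiene() ? "ok" : "FAILED");
    return 0;
}
```

In a server, set_cloexec() is applied to the listening and accepted sockets right after they are created, and close_low_fds() runs in the child between fork() and exec() with the command's pipe descriptors in keep, so the only inherited descriptors are the ones the command is meant to have.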

When passing a variable set to undef into remctl_open in the Perl
API, the principal was converted to the empty string. Adjust
Net::Remctl to recognize the empty string as an unspecified
principal.

The configure option to specify the path to the GSS-API libraries
is now --with-gssapi instead of --with-kerberos and the GSS-API
probes should be more robust.

Delete the man page symlinks before recreating them so that
reinstalls work. Thanks, Nicholas Riley.

Belatedly bump the libtool versioning for libremctl for the port
number change in the previous release. (This is primarily for
documentation purposes and doesn't change the library SONAME.)

Add support for ACL methods in the remctld server. The supported
schemes in this release are file and princ, which together provide
the same functionality as earlier releases, plus deny to explicitly
reject a user who matches another ACL and support for the CMU GPUT
authorization system. There is now a framework in place for adding
new ACL methods in the future. This work was contributed by Jeffrey
Hutzelman.

changes since 2.12:

When processing the include of a directory for configuration files
or ACL files, limit the files read to those whose names contain
only characters in [a-zA-Z0-9_-]. This replaces the previous
exclusion of files containing periods and also excludes Emacs
backup and temporary files. Thanks, Timothy G. Abbott.
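
The name filter from the entry above, as an added example (written for this page, not remctld's own code): a predicate that accepts only names made entirely of [a-zA-Z0-9_-], a filter over a list of entry names, and a directory walk that applies the predicate the way an include of a directory would. Because the allowed set has no period, dotfiles, "." and "..", and editor backups such as "acl_admins~" and "#acl_admins#" are all rejected by the same rule. The function names are assumptions; whether remctld additionally checks that an accepted entry is a regular file is not stated in the entry, and this example does not.

```c
/* Added example for this page; not remctld's own code. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True only if name is non-empty and every character is in [a-zA-Z0-9_-].
 * Explicit ranges are used instead of isalnum() so the result does not
 * depend on the current locale. */
bool is_include_name(const char *name)
{
    if (name == NULL || *name == '\0')
        return false;
    for (const char *p = name; *p != '\0'; p++) {
        char c = *p;
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
               || (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok)
            return false;
    }
    return true;
}

/* Filter a list of directory entry names, writing the accepted ones to out
 * (which must have room for n pointers) in their original order. Returns
 * the number accepted. */
size_t filter_include_names(const char *const *names, size_t n, const char **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (is_include_name(names[i]))
            out[kept++] = names[i];
    return kept;
}

/* Walk a real directory as an include of that directory would, calling
 * visit() with the path of each accepted entry. Returns the number of
 * entries visited, or -1 if the directory cannot be opened. */
int for_each_include_file(const char *dir, void (*visit)(const char *path))
{
    DIR *d = opendir(dir);
    struct dirent *ent;
    int count = 0;
    char path[4096];

    if (d == NULL)
        return -1;
    while ((ent = readdir(d)) != NULL) {
        if (!is_include_name(ent->d_name))
            continue;
        snprintf(path, sizeof(path), "%s/%s", dir, ent->d_name);
        visit(path);
        count++;
    }
    closedir(d);
    return count;
}

static void print_path(const char *path)
{
    puts(path);
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    int n = for_each_include_file(dir, print_path);
    if (n < 0) {
        perror(dir);
        return 1;
    }
    printf("%d file(s) would be included from %s\n", n, dir);
    return 0;
}
```

Run it against a configuration directory to see which files would actually be read; anything the walk skips, such as a stray "servers.conf.orig", is silently ignored by the include, which is the behaviour the entry describes.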

Add a PHP remctl PECL module from Andrew Mortensen, enabled with
--enable-php at configure time. These bindings are only tested
with PHP 5.

Add Python bindings from Thomas L. Kula, enabled with --enable-python
at configure time. These bindings are tested with Python 2.5 but
should work with versions back to 2.3.

Include all *.class files in the JAR file built by java/Makefile,
making the resulting JAR actually useful. Thanks, Marcus Watts.

Add an ant build configuration for the Java remctl implementation.
It also has the capability to generate a distribution of just the
Java implementation using a file layout more similar to an Apache
Jakarta project than the layout of the java subdirectory.

Several Windows fixes from Matthew Loar, plus really include
portable/winsock.c in the distribution. This version should now
build and run on Windows.

With --with-gssapi, attempt to determine if the library directory
is lib32 or lib64 instead of lib and set LDFLAGS accordingly.
Based on an idea from the CMU Autoconf macros.

Add --with-gssapi-include and --with-gssapi-lib options to set
the include and library paths separately if needed.

Restore GSS-API portability checks for old versions of MIT Kerberos
accidentally dropped in the previous release.

Provide a proper bool type when built with Sun Studio 12 on Solaris
10. Thanks, Jeffrey Hutzelman.

Sanity-check the results of krb5-config before proceeding and
error out in configure if they don't work.

Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.

Create the docs directory in the build tree if it's missing, fixing
a build failure when builddir != srcdir. Thanks, Jeffrey Hutzelman.

In standalone mode, close the main server socket immediately in
the child handler processes. Since the socket was already marked
close-on-exec, this probably only matters for consistent test
suite results, ensuring that the port is released immediately,
but it's more correct.

protocol for running single commands on a remote host using Kerberos
v5 authentication and returning the output. They use a very simple
GSS-API-authenticated network protocol, combined with server-side ACL
support and a server configuration file that maps remctl commands to
programs that should be run when that command is called by an
authorized user. remctld is very similar to a CGI server that uses a
different network protocol than HTTP and always does strong
authentication before executing the desired command.