Bug#304747: ITP: remctl -- remote Kerberos-authenticated command execution
Package: wnpp
Severity: wishlist
Owner: Russ Allbery <rra@stanford.edu>
* Package name : remctl
Version : 1.7
Upstream Author : Russ Allbery <rra@stanford.edu>
* URL : http://www.eyrie.org/~eagle/software/remctl/
* License : MIT/X
Description : remote Kerberos-authenticated command execution
remctl consists of a client and server for executing specific commands on
a remote system with Kerberos authentication. The allowable commands must
be listed in a server configuration file, and the executable run on the
server may be mapped to any command name. Each command is also associated
with an ACL containing a list of Kerberos principals authorized to run
that command.
Included in this package is both the client (remctl) and the server
(remctld). The server will not be started automatically.
I didn't write this package, but I'm also the upstream maintainer (as part
of my day job at Stanford). There are a lot of variations on this basic
idea out there, from the original IBM sysctl (which we used prior to remctl
at Stanford), to comprehensive management packages like Moira or ADM, to
DESY and CERN's ARC, but remctl aims at being something close to a minimal
implementation of the concept. It makes no assumptions about the rest of
your infrastructure, requires no particular scripting language, and is a
self-contained C implementation. We've been using it extensively at
Stanford for some years now, all over our infrastructure, primarily for
privilege delegation (put privileged keys on one system, write scripts that
perform privileged operations with those keys, audit for security as with
CGI scripts, and provide a remctl interface to run the scripts).
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Reply to: