                            remctl release 1.7
            (remote authenticated command execution with ACLs)

                         Written by Anton Ushakov
         Currently maintained by Russ Allbery <rra@stanford.edu>

  Copyright 2002, 2003, 2004, 2005 Board of Trustees, Leland Stanford Jr.
  University.  This software is distributed under a BSD-style license.
  Please see the section LICENSE below for more information.

DESCRIPTION

  remctl is a client/server application that supports remote execution of
  specific commands, using Kerberos v5 GSSAPI for authentication.  Which
  commands a given user can execute is controlled by a configuration file
  and ACL files and can be easily tightly limited, unlike with rsh.

  remctld is very similar to a CGI server that uses a different network
  protocol than HTTP and always does strong authentication before
  executing the desired command.

  This package was developed to replace the use of sysctl, another package
  that allowed remote code execution with Kerberos (v4) authentication.
  sysctl embedded Tcl and allowed for arbitrary Tcl code to be run, but at
  Stanford we found that in practice all we did with it was execute
  programs on the host system.  remctl is a Kerberos v5 equivalent that
  does only the portions we actually needed.

  Both C and Java clients are provided.  The design documentation is
  available in docs/design.html.

REQUIREMENTS

  The remctld server and the standard client are written in C and require
  a C compiler to build.  They have only been built against MIT Kerberos
  and would require some (not particularly difficult) porting to build
  against Heimdal.

  A Java client is also available in the java subdirectory, but no Java
  server is available.

INSTALLATION

  You can build and install remctl with the standard commands:

      ./configure
      make
      make install

  The last step will probably have to be done as root.  By default, remctl
  installs itself under /usr/local; you can change that path by passing
  the --prefix=PATH argument to configure.

  If your kerberos libraries and includes aren't in /usr/local/include and
  /usr/local/lib (or some other include directory and library directory
  searched by default by your compiler), then you need to specify
  --with-kerberos=PATH:

      ./configure --with-kerberos=/usr/pubsw

  To build against the static versions of the Kerberos libraries so that
  you don't have to have the Kerberos libraries installed on a system
  running the client or server, add --enable-static to ./configure.  This
  has been tested on Solaris and Linux.

  Usage information is available in the manual pages which will be
  installed with remctl.  You will need to set up a remctl.conf file for
  the server; see docs/remctl.conf for an example.

PORTING

  remctl should port reasonably well.  It has been tested on:

      Solaris 8
      Linux (glibc 2.2)
      AIX 4.3

  A replacement snprintf is provided for platforms whose snprintf does not
  comply with C99 (almost all of them as of July 2003 except for Linux).
  Some minor changes would be necessary to get it to build with Heimdal's
  GSSAPI libraries rather than MIT Kerberos.

LICENSE

  Copyright 2002, 2003, 2004, 2005 Board of Trustees, Leland Stanford Jr.
  University.  All rights reserved.
    
  Export of this software from the United States of America may require a
  specific license from the United States Government.  It is the
  responsibility of any person or organization contemplating export to
  obtain such a license before exporting.

  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
  this software and its documentation for any purpose and without fee is
  hereby granted, provided that the above copyright notice appear in all
  copies and that both that copyright notice and this permission notice
  appear in supporting documentation, and that the name of Stanford
  University not be used in advertising or publicity pertaining to
  distribution of the software without specific, written prior permission.
  Stanford University makes no representations about the suitability of
  this software for any purpose.  It is provided "as is" without express
  or implied warranty.

  THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
  WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
