=head1 NAME

remctl - Remote execution tool

=head1 SYNOPSIS

remctl [B<-dhv>] [B<-p> I<port>] [B<-s> I<service>] I<host> I<type>
    I<service> [I<parameters> ...]

=head1 DESCRIPTION

B<remctl> is a program that allows a user to execute commands remotely on
a server that is running the remctld deamon. B<remctl> does not interpret
the commands given to it, it passes them to the server and displays the
return message.  The commands must be defined on the server-side before a
B<remctl> client can execute them, and the user running B<remctl> must be
authorized to execute the particular command on the server.

Access to remote commands is authenticated via Kerberos v5 GSS-API, so a
user must have a ticket granting ticket to use B<remctl>.  All
transmissions to and from the remctld server are encrypted using GSS-API's
security layer.

I<host> is the hostname of the target server.  I<type> and I<service>
together specify the command to run and correspond to the command names in
the configuration file on the server.  I<parameters> are any additional
command-line parameters to pass to the remote command.

=head1 OPTIONS

=over 4

=item B<-d>

Turn on extra debugging output of the client-server interaction.

=item B<-h>

Show a brief usage message and then exit.

=item B<-p> I<port>

Connect to the server on I<port>.  If this option isn't given, the client
first tries the registered remctl port (4373) and then falls back on the
legacy port (4444) if that fails.

=item B<-s> I<service>

Authenticate to the server with a service ticket for I<service> rather
than the default server identity of host/I<hostname>.  This may be
necessary with, for instance, a server where B<remctld> is not running as
root.

=item B<-v>

Print the version of B<remctl> and exit.

=back

=head1 EXIT STATUS

B<remctl> will exit with the exit status returned by the remote command.
If some network or authentication error occurred and B<remctl> was unable
to run the remote command or retrieve its exit status, or if B<remctl> was
called with invalid arguments, B<remctl> will exit with status 1.

=head1 EXAMPLES

Release an afs volume called ls.tripwire:

    remctl lsdb afs release ls.tripwire

=head1 CAVEATS

If no principal is specified with B<-s>, B<remctl> canonicalizes the
server host name using DNS before connecting.  This ensures that the
network connection and the GSS-API authentication use the same server name
even if some common DNS-based load-balancing schemes are in use.  To
disable this canonicalization, specify the server principal using B<-s>.

The default behavior, when the port is not specified, of trying 4373 and
falling back to 4444 will be removed in a future version of B<remctl> in
favor of using the C<remctl> service in F</etc/services> if set and then
falling back on only 4373.  4444 was the poorly-chosen original remctl
port and should be phased out.

When using Heimdal with triple-DES keys and talking to old servers that
only speak version one of the remctl protocol, B<remctl> may have problems
with MIC verification.  This doesn't affect new clients and servers since
the version two protocol doesn't use MICs.  If you are using Heimdal and
run into MIC verification problems, see the COMPATIBILITY section of
gssapi(3).

=head1 NOTES

The remctl port number, 4373, was derived by tracing the diagonals of a
QWERTY keyboard up from the letters C<remc> to the number row.

=head1 SEE ALSO

kinit(1), remctld(8)

The current version of this program is available from its web page at
L<http://www.eyrie.org/~eagle/software/remctl/>.

=head1 AUTHOR

Anton Ushakov <antonu@stanford.edu> is the original author.  Updates and
current maintenance are done by Russ Allbery <rra@stanford.edu>.

=head1 COPYRIGHT AND LICENSE

Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008 Board of Trustees,
Leland Stanford Jr. University.  All rights reserved.
  
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation, and that the name of Stanford University not be used in
advertising or publicity pertaining to distribution of the software
without specific, written prior permission.  Stanford University makes no
representations about the suitability of this software for any purpose.
It is provided "as is" without express or implied warranty.

THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

=cut