                        remctl Java Implementation

OVERVIEW

  This Java remctl implementation was written by Marcus Watts, based
  somewhat on the original remctl Java implementation by Anton Ushakov.
  This documentation is based on the documentation provided by Marcus.  A
  client and server are included.  Both are entirely independent of the C
  implementation.

  This implementation is not as mature or as well-tested as the C
  implementation.  Any feedback and bug reports are gratefully accepted.

REQUIREMENTS

  This implementation works with the Sun Java JDK 1.4.2, 5, and 6.  It
  will not build with gcj; it could be ported, but wouldn't be useful
  until gcj has com.sun.security.auth.module.Krb5LoginModule or an
  equivalent.

  This source tree will build in Eclipse and includes an Eclipse .project
  and .classpath file.

  To use 256-bit AES keys, you will need to get the "Java Cryptography
  Extension (ECE) Unlimited Strength Jurisdiction Policy Files 6"
  (filename jce_policy-6.zip), which is available (at least to US
  residents) from <http://java.sun.com/javase/downloads/index.jsp>.

BUILDING

  If your JDK isn't at /usr/lib/jvm/java-6-sun-1.6.0.00, either edit the
  Makefile to change JDK and then run make, or set the JDK variable on the
  command line with:

      make JDK=/path/to/jdk

  Then, create a k5.conf file by copying your /etc/krb5.conf file and then
  adding these lines to the [libdefaults] section:

      default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
      default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
      permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5

  MIT Kerberos and Heimdal do not need this configuration and it is wrong
  for them, but the built-in list for Sun Java is limited.

  You can remove the DES enctypes if your realm doesn't support DES.  If
  you are using JDK 6, you can add aes128-cts to the beginning of each
  list.  If you have the jce_policy-6.zip file installed, you can also add
  aes256-cts to the beginning of each line.

RUNNING

  You can now run the client from the JAR file:

      java -Djava.security.krb5.conf=k5.conf \
          -Djava.security.auth.login.config=j3.conf -jar remctl.jar \
          <host> <type> <service> [<parameter> ...]

  This connects to the remctld on <host> and sends the command <type>
  <service> <parameter>.  Also look at t5.java for an example of how to
  use the class in a Java program.  You can also run the client from the
  class files:

      java -Djava.security.krb5.conf=k5.conf \
          -Djava.security.auth.login.config=j3.conf \
          org.eyrie.eagle.remctl.RemctlClient \
          <host> <type> <service> [<parameter> ...]

  To run the server, create a keytab that the server will use for
  authentication and revise bcsKeytab.conf to match (you will need to
  change the principal at least).  Then, start the server with:

      java -Djavax.security.auth.useSubjectCredsOnly=false \
          -Djava.security.auth.login.config=bcsKeytab.conf \
          t7 4373 <principal>

  This will start the server defined in t7.java, which just returns
  information about what command it received.  4373 is the port to listen
  to (4373 is the default value for remctl).  Replace <principal> for the
  principal you created a keytab for.

  To run this from Eclipse, select from the Run, Run..., "java
  application", make an instance for the selected Main Class.  Under
  Arguments, set VM arguments to be those above for "java", and set the
  program arguments to be everything past the jar file or main class.
