                            remctl To-Do List

 * Allow a more expressive configuration syntax that can set more options
   per command.  Among the things we want to configure (besides the
   logmask configuration we already have) are changing users before
   running the command, specifying an argument to pass on standard input
   (see below), or supporting things like LDAP ACLs.

 * Implement file upload in the remctl client.  On the server side, since
   we want to handle file data that contains nul characters, we'll also
   need to support passing one of the arguments to the executed command on
   standard input.  This may depend on the new configuration syntax.

   The best way to implement this may be to pass only the service on the
   command line and pass all other parameters on standard input, using
   counted strings or some similar encoding protocol.  On the other hand,
   that adds a lot of complexity for the commands.

 * Add support for running commands as filters, passing standard input
   asynchronously from the client.  This requires significant
   re-engineering of the client loop and should wait for better
   configuration since we don't want to do this with every command.  It
   also introduces out-of-order responses and possible deadlocks to the
   protocol, which is disturbing.

 * Maximum argument count and maximum data size in MESSAGE_COMMAND should
   be configurable parameters of the server rather than hard-coded
   values.  This may need to wait for better configuration parsing.

 * Support LDAP-based ACLs in addition to file system ACLs.

 * Add readline support to the remctl client for multiple commands to the
   same server in the same authenticated session.

 * Add support for external ACL checking programs.  This can be added to
   the existing ACL file syntax without too much trouble, perhaps with a
   program keyword that works similarly to the include keyword.  If the
   program exits with a zero status, access is granted.  If it exits 1,
   access is not granted but checking continues.  If it exits with any
   other exit status, access is not granted and checking aborts.

   Ideally, for writing generic ACL checking programs, the program should
   get the type and service of the remctl command as well as any
   arguments.  However, I also want to support passing other arguments
   into the program as specified in the ACL file.

 * Add Python bindings for the libremctl client library.

 * Add logic to detect Solaris vs. GNU ld on Solaris and pass the
   appropriate option to use the symbol versioning map file on Solaris as
   well.

 * Incorporate a program that can generate a Kerberos ticket cache from
   a keytab and use that for running the Kerberos tests instead of
   requiring the user to generate a keytab.

 * Possibly support binding to both the new and the old port in the
   standalone server for backward compatibility (only if requested by
   another flag).
