[Freedombox-discuss] Kerberos and remctl instead of exmachina?

[Petter Reinholdtsen]

[Jonas Smedegaard]
> I am still unfamiliar with exmachina, but seems to me that its
> purpose is to handle execution of cross-account yet same-host,
> whereas purpose of remctl seems to be remote-host execution.

Yes.

> Seems wrong for me to expect non-technical users of some "black box"
> to be in possesion of Kerberos-enabled systems needed for
> controlling their box.

My idea was to use Kerberos also locally using a keytab file to store
the password (instead of the current approach, which is storing the
password in some home made mechanism), while providing two extra and
useful services - kerberos and remctl.

Part of the reason was that exmachina isn't used anywhere else, and do
not seem to get much upstream attention, which made me worry about the
sustainability of the solution.

A few days ago I wrote to Bryan Newbold about merging rules to make a
Debian package:

[Petter Reinholdtsen]
> Hi.  I just made a branch with the changes needed to create a deb of
> exmachina, to make it easier to set up a freedombox using deb
> packages.  Please have a look at
> <URL: http://gitorious.org/exmachina/petterreinholdtsens-exmachina >
> and consider including it in the "official" version of exmachina.

I got this fairly surprising reply (checked with him if it was OK to
quote him here :):

[Bryan Newbold]
> There is no "official" version of exmachina, it was only a thought
> experiment to solicit feedback. I have removed the repository from
> github to prevent future use of the example code; you are of course
> welcome to re-implement the concept, though I never received enough
> feedback to convince myself that it was a good idea.

So the "upstream" repository is gone, and the source now live in a
brach with Nick and me, I guess. :)

I suspect we are better of finding some alternative, preferably
something also used elsewhere. :)

-- 
Happy hacking
Petter Reinholdtsen