Provided by: libremctl-dev_3.13-1+deb9u1_amd64 
NAME
remctl_open - Connect to a remote remctl server
SYNOPSIS
#include <remctl.h>
int remctl_open(struct remctl *r, const char *host,
unsigned short port,
const char *principal);
int remctl_open_addrinfo(struct remctl *r, const char *host,
const struct addrinfo *ai,
const char *principal);
int remctl_open_sockaddr(struct remctl *r, const char *host,
const struct sockaddr *addr, int addrlen,
const char *principal);
int remctl_open_fd(struct remctl *r, const char *host,
int fd, const char *principal);
DESCRIPTION
remctl_open() opens a TCP connection to the given host on the given port and then authenticates using the
remctl protocol and the service principal principal. r is a remctl struct created via remctl_new().
host must not be NULL. If port is 0, the library first attempts to connect to the registered port of
4373 and then tries the legacy port of 4444 if that fails. Future versions of the library will drop this
fallback to 4444. If principal is NULL, a service principal of "host/host" is used, with the realm
determined by domain-realm mapping.
remctl_open_addrinfo() operates in the same manner as remctl_open(), but connects to the first usable
address in ai, which must be a list of results as returned by getaddrinfo(3). The host is used only to
form the default service principal, and may be NULL if principal is not NULL.
remctl_open_sockaddr() is equivalent to remctl_open_addrinfo() with a single addrinfo structure
specifying the use of TCP with socket address addr and length addrlen.
remctl_open_fd() operates in the same manner as remctl_open_addrinfo(), but uses an already-established
TCP connection identified by the file descriptor fd. On Windows, fd is of type "SOCKET" and must be a
valid socket descriptor.
If no principal is specified and the default is used, the underlying GSS-API library may canonicalize
host via DNS before determining the service principal, depending on your library configuration.
Specifying a principal disables this behavior.
The remctl protocol uses Kerberos via GSS-API for authentication. The underlying GSS-API library will
use the default ticket cache for authentication, so to successfully use remctl_open(), the caller should
already have Kerberos tickets for an appropriate realm stored in its default ticket cache. The
environment variable KRB5CCNAME or the remctl_set_ccache(3) function can be used to control which ticket
cache is used.
To control the timeout for the connect and for subsequent calls, see the remctl_set_timeout(3) function.
To control the source IP used by remctl_open(), remctl_open_addrinfo(), and remctl_open_sockaddr(), see
the remctl_set_source_ip(3) function.
RETURN VALUE
remctl_open() returns true on success and false on failure. On failure, the caller should call
remctl_error() to retrieve the error message.
COMPATIBILITY
The remctl_open() interface has been provided by the remctl client library since its initial release in
version 2.0. remctl_open_addrinfo(), remctl_open_sockaddr(), and remctl_open_fd() were added in version
3.4.
The default port was changed to the IANA-registered port of 4373 in version 2.11.
Support for IPv6 was added in version 2.4.
CAVEATS
If the principal argument to remctl_open() is NULL, most GSS-API libraries will canonicalize the host
using DNS before deriving the principal name from it. This means that when connecting to a remctl server
via a CNAME, remctl_open() will normally authenticate using a principal based on the canonical name of
the host instead of the specified host parameter. This behavior may cause problems if two consecutive
DNS lookups of host may return two different results, such as with some DNS-based load-balancing systems.
The canonicalization behavior is controlled by the GSS-API library; with the MIT Kerberos GSS-API
library, canonicalization can be disabled by setting "rdns" to false in the [libdefaults] section of
krb5.conf. It can also be disabled by passing an explicit Kerberos principal name via the principal
argument, which will then be used without changes. If canonicalization is desired, the caller may wish
to canonicalize host before calling remctl_open() to avoid problems with multiple DNS calls returning
different results.
The default behavior, when a port of 0 is given, of trying 4373 and falling back to 4444 will be removed
in a future version of this library in favor of using the "remctl" service in /etc/services if set and
then falling back on only 4373. 4444 was the poorly-chosen original remctl port and should be phased
out.
Connections established using the alternate-open interfaces remctl_open_fd(), remctl_open_addrinfo(), and
remctl_open_sockaddr() do not support the automatic connection-reopening which is used to give the
illusion of a single long-lived connection when sending multiple commands to a server which supports only
version 1 of the remctl protocol. Therefore, when using these interfaces to open a connection to such a
server, it will only be possible to send a single command, after which the connection must be closed and
reopened before another command can be sent.
NOTES
The remctl port number, 4373, was derived by tracing the diagonals of a QWERTY keyboard up from the
letters "remc" to the number row.
AUTHOR
Russ Allbery <eagle@eyrie.org>
COPYRIGHT AND LICENSE
Copyright 2007, 2008, 2009, 2014 The Board of Trustees of the Leland Stanford Junior University
Copying and distribution of this file, with or without modification, are permitted in any medium without
royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without
any warranty.
SEE ALSO
remctl_new(3), remctl_error(3), remctl_set_ccache(3), remctl_set_source_ip(3), remctl_set_timeout(3)
The current version of the remctl library and complete details of the remctl protocol are available from
its web page at <http://www.eyrie.org/~eagle/software/remctl/>.