Provided by: libremctl-dev_3.18-1build6_amd64 bug

NAME

       remctl_open - Connect to a remote remctl server

SYNOPSIS

       #include <remctl.h>

       int remctl_open(struct remctl *r, const char *host,
                          unsigned short port,
                          const char *principal);

       int remctl_open_addrinfo(struct remctl *r, const char *host,
                                   const struct addrinfo *ai,
                                   const char *principal);

       int remctl_open_sockaddr(struct remctl *r, const char *host,
                                   const struct sockaddr *addr, int addrlen,
                                   const char *principal);

       int remctl_open_fd(struct remctl *r, const char *host,
                             int fd, const char *principal);

DESCRIPTION

       remctl_open() opens a TCP connection to the given host on the given port and then
       authenticates using the remctl protocol and the service principal principal.  r is a
       remctl struct created via remctl_new().  host must not be NULL.  If port is 0, the library
       first attempts to connect to the registered port of 4373 and then tries the legacy port of
       4444 if that fails.  Future versions of the library will drop this fallback to 4444.  If
       principal is NULL, a service principal of "host/host" is used, with the realm determined
       by domain-realm mapping.

       remctl_open_addrinfo() operates in the same manner as remctl_open(), but connects to the
       first usable address in ai, which must be a list of results as returned by getaddrinfo(3).
       The host is used only to form the default service principal, and may be NULL if principal
       is not NULL.

       remctl_open_sockaddr() is equivalent to remctl_open_addrinfo() with a single addrinfo
       structure specifying the use of TCP with socket address addr and length addrlen.

       remctl_open_fd() operates in the same manner as remctl_open_addrinfo(), but uses an
       already-established TCP connection identified by the file descriptor fd.  On Windows, fd
       is of type "SOCKET" and must be a valid socket descriptor.

       If no principal is specified and the default is used, the underlying GSS-API library may
       canonicalize host via DNS before determining the service principal, depending on your
       library configuration.  Specifying a principal disables this behavior.

       The remctl protocol uses Kerberos via GSS-API for authentication.  The underlying GSS-API
       library will use the default ticket cache for authentication, so to successfully use
       remctl_open(), the caller should already have Kerberos tickets for an appropriate realm
       stored in its default ticket cache.  The environment variable KRB5CCNAME or the
       remctl_set_ccache(3) function can be used to control which ticket cache is used.

       To control the timeout for the connect and for subsequent calls, see the
       remctl_set_timeout(3) function.  To control the source IP used by remctl_open(),
       remctl_open_addrinfo(), and remctl_open_sockaddr(), see the remctl_set_source_ip(3)
       function.

RETURN VALUE

       remctl_open() returns true on success and false on failure.  On failure, the caller should
       call remctl_error() to retrieve the error message.

COMPATIBILITY

       The remctl_open() interface has been provided by the remctl client library since its
       initial release in version 2.0.  remctl_open_addrinfo(), remctl_open_sockaddr(), and
       remctl_open_fd() were added in version 3.4.

       The default port was changed to the IANA-registered port of 4373 in version 2.11.

       Support for IPv6 was added in version 2.4.

CAVEATS

       If the principal argument to remctl_open() is NULL, most GSS-API libraries will
       canonicalize the host using DNS before deriving the principal name from it.  This means
       that when connecting to a remctl server via a CNAME, remctl_open() will normally
       authenticate using a principal based on the canonical name of the host instead of the
       specified host parameter.  This behavior may cause problems if two consecutive DNS lookups
       of host may return two different results, such as with some DNS-based load-balancing
       systems.

       The canonicalization behavior is controlled by the GSS-API library; with the MIT Kerberos
       GSS-API library, canonicalization can be disabled by setting "rdns" to false in the
       [libdefaults] section of krb5.conf.  It can also be disabled by passing an explicit
       Kerberos principal name via the principal argument, which will then be used without
       changes.  If canonicalization is desired, the caller may wish to canonicalize host before
       calling remctl_open() to avoid problems with multiple DNS calls returning different
       results.

       The default behavior, when a port of 0 is given, of trying 4373 and falling back to 4444
       will be removed in a future version of this library in favor of using the "remctl" service
       in /etc/services if set and then falling back on only 4373.  4444 was the poorly-chosen
       original remctl port and should be phased out.

       Connections established using the alternate-open interfaces remctl_open_fd(),
       remctl_open_addrinfo(), and remctl_open_sockaddr() do not support the automatic
       connection-reopening which is used to give the illusion of a single long-lived connection
       when sending multiple commands to a server which supports only version 1 of the remctl
       protocol.  Therefore, when using these interfaces to open a connection to such a server,
       it will only be possible to send a single command, after which the connection must be
       closed and reopened before another command can be sent.

NOTES

       The remctl port number, 4373, was derived by tracing the diagonals of a QWERTY keyboard up
       from the letters "remc" to the number row.

AUTHOR

       Russ Allbery <eagle@eyrie.org>

COPYRIGHT AND LICENSE

       Copyright 2007-2009, 2014 The Board of Trustees of the Leland Stanford Junior University

       Copying and distribution of this file, with or without modification, are permitted in any
       medium without royalty provided the copyright notice and this notice are preserved.  This
       file is offered as-is, without any warranty.

       SPDX-License-Identifier: FSFAP

SEE ALSO

       remctl_new(3), remctl_error(3), remctl_set_ccache(3), remctl_set_source_ip(3),
       remctl_set_timeout(3)

       The current version of the remctl library and complete details of the remctl protocol are
       available from its web page at <https://www.eyrie.org/~eagle/software/remctl/>.