The remctl server (remctld) and SSH backend (remctl-shell), which are responsible for receiving an authenticated command via the remctl protocol (or via SSH), executing it, and returning the result.

remctl is a client/server protocol for executing specific commands on a remote system with Kerberos authentication. The allowable commands must be listed in a server configuration file, and the executable run on the server may be mapped to any command name. Each command is also associated with an ACL containing a list of Kerberos principals authorized to run that command.