remctl and remctld implement a client/server protocol for running single commands on a remote host using Kerberos v5 authentication and returning the output. They use a very simple GSS-API-authenticated network protocol, combined with server-side ACL support and a server configuration file that maps remctl commands to programs that should be run when that command is called by an authorised user.