Skip to content

Commit

Permalink
sasl: Avoid 'Could not find keytab file' in syslog
Browse files Browse the repository at this point in the history 
The "keytab" specification in "qemu.sasl" only makes sense if "gssapi" is
selected in "mech_list". Even if the latter is not done (ie. "gssapi" is
not selected), the cyrus-sasl library tries to open the specified keytab
file, although nothing has a use for it outside the gssapi backend.

Since the default keytab file "/etc/qemu/krb5.tab" is usually absent, the
cyrus-sasl library emits a warning to syslog at startup, which tends to
annoy users (who didn't ask for gssapi in the first place).

Comment out the keytab specification per default.

"qemu-doc.texi" already correctly explains how to use "mech_list: gssapi"
together with "keytab:".

See also:
- upstream libvirt commit fe772f24,
- Red Hat Bugzilla <https://bugzilla.redhat.com/show_bug.cgi?id=1018434>.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
ACKed-By: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
  • Loading branch information
@lersek
lersek authored and Michael Tokarev committed Mar 15, 2014
1 parent 03d5142 commit dfb3804
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion qemu.sasl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,9 @@ mech_list: digest-md5
# Some older builds of MIT kerberos on Linux ignore this option &
# instead need KRB5_KTNAME env var.
# For modern Linux, and other OS, this should be sufficient
keytab: /etc/qemu/krb5.tab
#
# There is no default value here, uncomment if you need this
#keytab: /etc/qemu/krb5.tab

# If using digest-md5 for username/passwds, then this is the file
# containing the passwds. Use 'saslpasswd2 -a qemu [username]'
Expand Down

0 comments on commit dfb3804

Please sign in to comment.