From: Cole Robinson <crobinso@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>,
Michael Tokarev <mjt@tls.msk.ru>,
qemu-trivial@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-trivial] [trivial PATCH 2.0 1/1] sasl: Avoid 'Could not find keytab file' in syslog
Date: Fri, 14 Mar 2014 10:42:17 -0400 [thread overview]
Message-ID: <53231549.3090606@redhat.com> (raw)
In-Reply-To: <1394807976-9469-2-git-send-email-lersek@redhat.com>
On 03/14/2014 10:39 AM, Laszlo Ersek wrote:
> The "keytab" specification in "qemu.sasl" only makes sense if "gssapi" is
> selected in "mech_list". Even if the latter is not done (ie. "gssapi" is
> not selected), the cyrus-sasl library tries to open the specified keytab
> file, although nothing has a use for it outside the gssapi backend.
>
> Since the default keytab file "/etc/qemu/krb5.tab" is usually absent, the
> cyrus-sasl library emits a warning to syslog at startup, which tends to
> annoy users (who didn't ask for gssapi in the first place).
>
> Comment out the keytab specification per default.
>
> "qemu-doc.texi" already correctly explains how to use "mech_list: gssapi"
> together with "keytab:".
>
> See also:
> - upstream libvirt commit fe772f24,
> - Red Hat Bugzilla <https://bugzilla.redhat.com/show_bug.cgi?id=1018434>.
>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> qemu.sasl | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/qemu.sasl b/qemu.sasl
> index 9dc8323..64fdef3 100644
> --- a/qemu.sasl
> +++ b/qemu.sasl
> @@ -22,7 +22,9 @@ mech_list: digest-md5
> # Some older builds of MIT kerberos on Linux ignore this option &
> # instead need KRB5_KTNAME env var.
> # For modern Linux, and other OS, this should be sufficient
> -keytab: /etc/qemu/krb5.tab
> +#
> +# There is no default value here, uncomment if you need this
> +#keytab: /etc/qemu/krb5.tab
>
> # If using digest-md5 for username/passwds, then this is the file
> # containing the passwds. Use 'saslpasswd2 -a qemu [username]'
>
ACK, libvirt has carried a similar change in their sasl config for a while now.
- Cole
WARNING: multiple messages have this Message-ID (diff)
From: Cole Robinson <crobinso@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>,
Michael Tokarev <mjt@tls.msk.ru>,
qemu-trivial@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [trivial PATCH 2.0 1/1] sasl: Avoid 'Could not find keytab file' in syslog
Date: Fri, 14 Mar 2014 10:42:17 -0400 [thread overview]
Message-ID: <53231549.3090606@redhat.com> (raw)
In-Reply-To: <1394807976-9469-2-git-send-email-lersek@redhat.com>
On 03/14/2014 10:39 AM, Laszlo Ersek wrote:
> The "keytab" specification in "qemu.sasl" only makes sense if "gssapi" is
> selected in "mech_list". Even if the latter is not done (ie. "gssapi" is
> not selected), the cyrus-sasl library tries to open the specified keytab
> file, although nothing has a use for it outside the gssapi backend.
>
> Since the default keytab file "/etc/qemu/krb5.tab" is usually absent, the
> cyrus-sasl library emits a warning to syslog at startup, which tends to
> annoy users (who didn't ask for gssapi in the first place).
>
> Comment out the keytab specification per default.
>
> "qemu-doc.texi" already correctly explains how to use "mech_list: gssapi"
> together with "keytab:".
>
> See also:
> - upstream libvirt commit fe772f24,
> - Red Hat Bugzilla <https://bugzilla.redhat.com/show_bug.cgi?id=1018434>.
>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> qemu.sasl | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/qemu.sasl b/qemu.sasl
> index 9dc8323..64fdef3 100644
> --- a/qemu.sasl
> +++ b/qemu.sasl
> @@ -22,7 +22,9 @@ mech_list: digest-md5
> # Some older builds of MIT kerberos on Linux ignore this option &
> # instead need KRB5_KTNAME env var.
> # For modern Linux, and other OS, this should be sufficient
> -keytab: /etc/qemu/krb5.tab
> +#
> +# There is no default value here, uncomment if you need this
> +#keytab: /etc/qemu/krb5.tab
>
> # If using digest-md5 for username/passwds, then this is the file
> # containing the passwds. Use 'saslpasswd2 -a qemu [username]'
>
ACK, libvirt has carried a similar change in their sasl config for a while now.
- Cole
next prev parent reply other threads:[~2014-03-14 14:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-14 14:39 [Qemu-trivial] [trivial PATCH 2.0 0/1] silence invalid cyrus-sasl warning on startup Laszlo Ersek
2014-03-14 14:39 ` [Qemu-devel] " Laszlo Ersek
2014-03-14 14:39 ` [Qemu-trivial] [trivial PATCH 2.0 1/1] sasl: Avoid 'Could not find keytab file' in syslog Laszlo Ersek
2014-03-14 14:39 ` [Qemu-devel] " Laszlo Ersek
2014-03-14 14:42 ` Cole Robinson [this message]
2014-03-14 14:42 ` Cole Robinson
2014-03-14 15:43 ` [Qemu-trivial] " Michael Tokarev
2014-03-14 15:43 ` [Qemu-devel] " Michael Tokarev
2014-03-14 15:46 ` Cole Robinson
2014-03-14 15:46 ` [Qemu-devel] " Cole Robinson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53231549.3090606@redhat.com \
--to=crobinso@redhat.com \
--cc=lersek@redhat.com \
--cc=mjt@tls.msk.ru \
--cc=qemu-devel@nongnu.org \
--cc=qemu-trivial@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.