From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49972)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <crobinso@redhat.com>) id 1WOTJw-0007OQ-Ae
	for qemu-devel@nongnu.org; Fri, 14 Mar 2014 10:42:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <crobinso@redhat.com>) id 1WOTJq-00085w-B2
	for qemu-devel@nongnu.org; Fri, 14 Mar 2014 10:42:48 -0400
Message-ID: <53231549.3090606@redhat.com>
Date: Fri, 14 Mar 2014 10:42:17 -0400
From: Cole Robinson <crobinso@redhat.com>
MIME-Version: 1.0
References: <1394807976-9469-1-git-send-email-lersek@redhat.com>
	<1394807976-9469-2-git-send-email-lersek@redhat.com>
In-Reply-To: <1394807976-9469-2-git-send-email-lersek@redhat.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [trivial PATCH 2.0 1/1] sasl: Avoid 'Could not
 find keytab file' in syslog
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Laszlo Ersek <lersek@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>, qemu-trivial@nongnu.org, qemu-devel@nongnu.org

On 03/14/2014 10:39 AM, Laszlo Ersek wrote:
> The "keytab" specification in "qemu.sasl" only makes sense if "gssapi" is
> selected in "mech_list". Even if the latter is not done (ie. "gssapi" is
> not selected), the cyrus-sasl library tries to open the specified keytab
> file, although nothing has a use for it outside the gssapi backend.
> 
> Since the default keytab file "/etc/qemu/krb5.tab" is usually absent, the
> cyrus-sasl library emits a warning to syslog at startup, which tends to
> annoy users (who didn't ask for gssapi in the first place).
> 
> Comment out the keytab specification per default.
> 
> "qemu-doc.texi" already correctly explains how to use "mech_list: gssapi"
> together with "keytab:".
> 
> See also:
> - upstream libvirt commit fe772f24,
> - Red Hat Bugzilla <https://bugzilla.redhat.com/show_bug.cgi?id=1018434>.
> 
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  qemu.sasl | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/qemu.sasl b/qemu.sasl
> index 9dc8323..64fdef3 100644
> --- a/qemu.sasl
> +++ b/qemu.sasl
> @@ -22,7 +22,9 @@ mech_list: digest-md5
>  # Some older builds of MIT kerberos on Linux ignore this option &
>  # instead need KRB5_KTNAME env var.
>  # For modern Linux, and other OS, this should be sufficient
> -keytab: /etc/qemu/krb5.tab
> +#
> +# There is no default value here, uncomment if you need this
> +#keytab: /etc/qemu/krb5.tab
>  
>  # If using digest-md5 for username/passwds, then this is the file
>  # containing the passwds. Use 'saslpasswd2 -a qemu [username]'
> 

ACK, libvirt has carried a similar change in their sasl config for a while now.

- Cole