<div dir="ltr"><div>We're using sasl+gssapi+kerberos to do authentication for libvirt, including from hypervisor to hypervisor.  However, the environmental variable filtering implemented in libvirt prevents this from working, so we're forced to run a locally patched version.<br>
<br></div>Thoughts on the following patch to pass the location of the local credential cache as well?<br><br>--- a/src/util/vircommand.c    2014-01-07 14:14:11.388934108 +0000<br>+++ b/src/util/vircommand.c    2014-01-07 14:18:14.725082505 +0000<br>
@@ -1314,6 +1314,7 @@<br> <br>     virCommandAddEnvPair(cmd, "LC_ALL", "C");<br> <br>+    virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);<br>     virCommandAddEnvPassBlockSUID(cmd, "LD_PRELOAD", NULL);<br>
     virCommandAddEnvPassBlockSUID(cmd, "LD_LIBRARY_PATH", NULL);<br>     virCommandAddEnvPassBlockSUID(cmd, "PATH", "/bin:/usr/bin");<br><br></div>