[libvirt PATCH 8/8] remote: Drop KRB5_KTNAME override

Andrea Bolognani abologna at redhat.com
Wed Apr 1 18:53:45 UTC 2020

When the comment in libvirtd.sasl was last updated with

  commit fe772f24a6809b3d937ed6547cbaa9d820e514b6
  Author: Cole Robinson <crobinso at redhat.com>
  Date:   Sat Oct 20 14:10:03 2012 -0400

    daemon: Avoid 'Could not find keytab file' in syslog

it was noted that only old versions of kerberos would need the
environment variable to be set: that was more than sever years
ago, so it's safe to assume that none of our current target
platforms still requires that hack and setting the appropriate
key in the configuration file will be enough.

Signed-off-by: Andrea Bolognani <abologna at redhat.com>
 src/remote/libvirtd.sasl    | 4 +---
 src/remote/libvirtd.sysconf | 3 ---
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/remote/libvirtd.sasl b/src/remote/libvirtd.sasl
index 9e7699c75a..7a45470a9d 100644
--- a/src/remote/libvirtd.sasl
+++ b/src/remote/libvirtd.sasl
@@ -33,9 +33,7 @@ mech_list: gssapi
 #   qemu+tcp://hostname/system?auth=sasl.gssapi
 #mech_list: scram-sha-1 gssapi
-# Some older builds of MIT kerberos on Linux ignore this option &
-# instead need KRB5_KTNAME env var.
-# For modern Linux, and other OS, this should be sufficient
+# File containing the service principal for libvirtd
 keytab: /etc/libvirt/krb5.tab
diff --git a/src/remote/libvirtd.sysconf b/src/remote/libvirtd.sysconf
index 5969518bf2..e1aec32c1b 100644
--- a/src/remote/libvirtd.sysconf
+++ b/src/remote/libvirtd.sysconf
@@ -5,9 +5,6 @@
 # NB. must setup TLS/SSL keys prior to using this
-# Override Kerberos service keytab for SASL/GSSAPI
 # Override the QEMU/SDL default audio driver probing when
 # starting virtual machines using SDL graphics

More information about the libvir-list mailing list