On 03/14/2014 10:39 AM, Laszlo Ersek wrote: > The "keytab" specification in "qemu.sasl" only makes sense if "gssapi" is > selected in "mech_list". Even if the latter is not done (ie. "gssapi" is > not selected), the cyrus-sasl library tries to open the specified keytab > file, although nothing has a use for it outside the gssapi backend. > > Since the default keytab file "/etc/qemu/krb5.tab" is usually absent, the > cyrus-sasl library emits a warning to syslog at startup, which tends to > annoy users (who didn't ask for gssapi in the first place). > > Comment out the keytab specification per default. > > "qemu-doc.texi" already correctly explains how to use "mech_list: gssapi" > together with "keytab:". > > See also: > - upstream libvirt commit fe772f24, > - Red Hat Bugzilla <https://bugzilla.redhat.com/show_bug.cgi?id=1018434>. > > Signed-off-by: Laszlo Ersek <ler...@redhat.com> > --- > qemu.sasl | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/qemu.sasl b/qemu.sasl > index 9dc8323..64fdef3 100644 > --- a/qemu.sasl > +++ b/qemu.sasl > @@ -22,7 +22,9 @@ mech_list: digest-md5 > # Some older builds of MIT kerberos on Linux ignore this option & > # instead need KRB5_KTNAME env var. > # For modern Linux, and other OS, this should be sufficient > -keytab: /etc/qemu/krb5.tab > +# > +# There is no default value here, uncomment if you need this > +#keytab: /etc/qemu/krb5.tab > > # If using digest-md5 for username/passwds, then this is the file > # containing the passwds. Use 'saslpasswd2 -a qemu [username]' >
ACK, libvirt has carried a similar change in their sasl config for a while now. - Cole