We're using sasl+gssapi+kerberos to do authentication for libvirt, including from hypervisor to hypervisor. However, the environmental variable filtering implemented in libvirt prevents this from working, so we're forced to run a locally patched version.
Thoughts on the following patch to pass the location of the local credential cache as well? --- a/src/util/vircommand.c 2014-01-07 14:14:11.388934108 +0000 +++ b/src/util/vircommand.c 2014-01-07 14:18:14.725082505 +0000 @@ -1314,6 +1314,7 @@ virCommandAddEnvPair(cmd, "LC_ALL", "C"); + virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL); virCommandAddEnvPassBlockSUID(cmd, "LD_PRELOAD", NULL); virCommandAddEnvPassBlockSUID(cmd, "LD_LIBRARY_PATH", NULL); virCommandAddEnvPassBlockSUID(cmd, "PATH", "/bin:/usr/bin");
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list