remote: Drop KRB5_KTNAME override

When the comment in libvirtd.sasl was last updated with commit fe772f24 Author: Cole Robinson <crobinso@redhat.com> Date: Sat Oct 20 14:10:03 2012 -0400 daemon: Avoid 'Could not find keytab file' in syslog it was noted that only old versions of kerberos would need the environment variable to be set: that was more than seven years ago, so it's safe to assume that none of our current target platforms still requires that hack and setting the appropriate key in the configuration file will be enough. Signed-off-by: N Andrea Bolognani <abologna@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com>

remote: Drop KRB5_KTNAME override
When the comment in libvirtd.sasl was last updated with commit fe772f24 Author: Cole Robinson <crobinso@redhat.com> Date: Sat Oct 20 14:10:03 2012 -0400 daemon: Avoid 'Could not find keytab file' in syslog it was noted that only old versions of kerberos would need the environment variable to be set: that was more than seven years ago, so it's safe to assume that none of our current target platforms still requires that hack and setting the appropriate key in the configuration file will be enough. Signed-off-by: N Andrea Bolognani <abologna@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com>
68d08cf2 · Andrea Bolognani · deb73277 · 68d08cf2 · 68d08cf2 · 68d08cf2
4 changed file
--- a/src/remote/libvirtd.init.in
+++ b/src/remote/libvirtd.init.in
@@ -7,7 +7,6 @@ LIBVIRTD_TIMEOUT=${LIBVIRTD_TERMTIMEOUT:-"TERM/25/KILL/5"}

 command="@sbindir@/libvirtd"
 command_args="-d ${LIBVIRTD_OPTS}"
-start_stop_daemon_args="--env KRB5_KTNAME=/etc/libvirt/krb5.tab"
 pidfile="@runstatedir@/libvirtd.pid"
 retry="${LIBVIRTD_TERMTIMEOUT}"


--- a/src/remote/libvirtd.sasl
+++ b/src/remote/libvirtd.sasl
@@ -33,9 +33,7 @@ mech_list: gssapi
 #   qemu+tcp://hostname/system?auth=sasl.gssapi
 #mech_list: scram-sha-1 gssapi

-# Some older builds of MIT kerberos on Linux ignore this option &
-# instead need KRB5_KTNAME env var.
-# For modern Linux, and other OS, this should be sufficient
+# File containing the service principal for libvirtd
 #
 keytab: /etc/libvirt/krb5.tab


--- a/src/remote/libvirtd.sysconf
+++ b/src/remote/libvirtd.sysconf
@@ -11,9 +11,6 @@ LIBVIRTD_ARGS="--timeout 120"
 # can be used to listen on TCP/TLS sockets
 #LIBVIRTD_ARGS="--listen"

-# Override Kerberos service keytab for SASL/GSSAPI
-#KRB5_KTNAME=/etc/libvirt/krb5.tab
-
 # Override the QEMU/SDL default audio driver probing when
 # starting virtual machines using SDL graphics
 #

--- a/src/remote/virtproxyd.init.in
+++ b/src/remote/virtproxyd.init.in
@@ -7,7 +7,6 @@ VIRTPROXYD_TIMEOUT=${VIRTPROXYD_TERMTIMEOUT:-"TERM/25/KILL/5"}

 command="@sbindir@/virtproxyd"
 command_args="-d ${VIRTPROXYD_OPTS}"
-start_stop_daemon_args="--env KRB5_KTNAME=/etc/libvirt/krb5.tab"
 pidfile="@runstatedir@/virtproxyd.pid"
 retry="${VIRTPROXYD_TERMTIMEOUT}"