diff -urp libvirt-2.3.0.orig/daemon/libvirtd.conf libvirt-2.3.0/daemon/libvirtd.conf
--- libvirt-2.3.0.orig/daemon/libvirtd.conf 2016-10-28 19:13:22.641715000 +0000
+++ libvirt-2.3.0/daemon/libvirtd.conf 2016-10-28 19:13:48.452715000 +0000
@@ -123,7 +123,7 @@
# the network providing auth (eg, TLS/x509 certificates)
#
# - sasl: use SASL infrastructure. The actual auth scheme is then
-# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# controlled from /etc/sasl/libvirt.conf. For the TCP
# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
# For non-TCP or TLS sockets, any scheme is allowed.
#
@@ -154,7 +154,7 @@
# If you don't enable SASL, then all TCP traffic is cleartext.
# Don't do this outside of a dev/test scenario. For real world
# use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
#auth_tcp = "sasl"
# Change the authentication scheme for TLS sockets.
diff -urp libvirt-2.3.0.orig/daemon/Makefile.am libvirt-2.3.0/daemon/Makefile.am
--- libvirt-2.3.0.orig/daemon/Makefile.am 2016-10-28 19:13:22.638715000 +0000
+++ libvirt-2.3.0/daemon/Makefile.am 2016-10-28 19:13:48.468715000 +0000
@@ -528,13 +528,13 @@ POD2MAN = pod2man -c "Virtualization Sup
# the WITH_LIBVIRTD conditional
if WITH_SASL
install-data-sasl:
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
$(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
- $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+ $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
uninstall-data-sasl:
- rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
- rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
+ rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
+ rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
else ! WITH_SASL
install-data-sasl:
uninstall-data-sasl:
diff -urp libvirt-2.3.0.orig/daemon/Makefile.in libvirt-2.3.0/daemon/Makefile.in
--- libvirt-2.3.0.orig/daemon/Makefile.in 2016-10-28 19:13:22.638715000 +0000
+++ libvirt-2.3.0/daemon/Makefile.in 2016-10-28 19:13:48.469715000 +0000
@@ -2847,13 +2847,13 @@ admin_dispatch.h: $(top_srcdir)/src/rpc/
# This is needed for clients too, so can't wrap in
# the WITH_LIBVIRTD conditional
@WITH_SASL_TRUE@install-data-sasl:
-@WITH_SASL_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
+@WITH_SASL_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
@WITH_SASL_TRUE@ $(INSTALL_DATA) $(srcdir)/libvirtd.sasl \
-@WITH_SASL_TRUE@ $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+@WITH_SASL_TRUE@ $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
@WITH_SASL_TRUE@uninstall-data-sasl:
-@WITH_SASL_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
-@WITH_SASL_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
+@WITH_SASL_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
+@WITH_SASL_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
@WITH_SASL_FALSE@install-data-sasl:
@WITH_SASL_FALSE@uninstall-data-sasl:
diff -urp libvirt-2.3.0.orig/docs/auth.html libvirt-2.3.0/docs/auth.html
--- libvirt-2.3.0.orig/docs/auth.html 2016-10-28 19:13:22.665715000 +0000
+++ libvirt-2.3.0/docs/auth.html 2016-10-28 19:13:48.470715000 +0000
@@ -415,7 +415,7 @@ again:
The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
username+password style authentication. To enable Kerberos single-sign-on instead,
-the libvirt SASL configuration file must be changed. This is /etc/sasl2/libvirt.conf
.
+the libvirt SASL configuration file must be changed. This is /etc/sasl/libvirt.conf
.
The mech_list
parameter must first be changed to gssapi
instead of the default digest-md5
, and keytab should be set to
/etc/libvirt/krb5.tab
. If SASL is enabled on the UNIX
diff -urp libvirt-2.3.0.orig/docs/auth.html.in libvirt-2.3.0/docs/auth.html.in
--- libvirt-2.3.0.orig/docs/auth.html.in 2016-10-28 19:13:22.677715000 +0000
+++ libvirt-2.3.0/docs/auth.html.in 2016-10-28 19:13:48.474715000 +0000
@@ -246,7 +246,7 @@ again:
The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
username+password style authentication. To enable Kerberos single-sign-on instead,
-the libvirt SASL configuration file must be changed. This is /etc/sasl2/libvirt.conf
.
+the libvirt SASL configuration file must be changed. This is /etc/sasl/libvirt.conf
.
The mech_list
parameter must first be changed to gssapi
instead of the default digest-md5
, and keytab should be set to
/etc/libvirt/krb5.tab
. If SASL is enabled on the UNIX
Only in libvirt-2.3.0: libvirt-sasl.patch
diff -urp libvirt-2.3.0.orig/libvirt.spec libvirt-2.3.0/libvirt.spec
--- libvirt-2.3.0.orig/libvirt.spec 2016-10-28 19:13:22.458715000 +0000
+++ libvirt-2.3.0/libvirt.spec 2016-10-28 19:13:48.474715000 +0000
@@ -1832,7 +1832,7 @@ exit 0
%{_datadir}/libvirt/cpu_map.xml
%{_datadir}/libvirt/libvirtLogo.png
-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
%files admin
%{_mandir}/man1/virt-admin.1*
diff -urp libvirt-2.3.0.orig/libvirt.spec.in libvirt-2.3.0/libvirt.spec.in
--- libvirt-2.3.0.orig/libvirt.spec.in 2016-10-28 19:13:22.455715000 +0000
+++ libvirt-2.3.0/libvirt.spec.in 2016-10-28 19:13:48.475715000 +0000
@@ -1832,7 +1832,7 @@ exit 0
%{_datadir}/libvirt/cpu_map.xml
%{_datadir}/libvirt/libvirtLogo.png
-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
%files admin
%{_mandir}/man1/virt-admin.1*
diff -urp libvirt-2.3.0.orig/src/qemu/qemu.conf libvirt-2.3.0/src/qemu/qemu.conf
--- libvirt-2.3.0.orig/src/qemu/qemu.conf 2016-10-28 19:13:22.586715000 +0000
+++ libvirt-2.3.0/src/qemu/qemu.conf 2016-10-28 19:13:48.475715000 +0000
@@ -98,18 +98,18 @@
# Examples include vinagre, virt-viewer and virt-manager
# itself. UltraVNC, RealVNC, TightVNC do not support this
#
-# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# It is necessary to configure /etc/sasl/qemu.conf to choose
# the desired SASL plugin (eg, GSSPI for Kerberos)
#
#vnc_sasl = 1
-# The default SASL configuration file is located in /etc/sasl2/
+# The default SASL configuration file is located in /etc/sasl/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location
#
-#vnc_sasl_dir = "/some/directory/sasl2"
+#vnc_sasl_dir = "/some/directory/sasl"
# QEMU implements an extension for providing audio over a VNC connection,
@@ -173,17 +173,17 @@
# Enable use of SASL encryption on the SPICE server. This requires
# a SPICE client which supports the SASL protocol extension.
#
-# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# It is necessary to configure /etc/sasl/qemu.conf to choose
# the desired SASL plugin (eg, GSSPI for Kerberos)
#
#spice_sasl = 1
-# The default SASL configuration file is located in /etc/sasl2/
+# The default SASL configuration file is located in /etc/sasl/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location
#
-#spice_sasl_dir = "/some/directory/sasl2"
+#spice_sasl_dir = "/some/directory/sasl"
# Enable use of TLS encryption on the chardev TCP transports.
#
diff -urp libvirt-2.3.0.orig/src/qemu/test_libvirtd_qemu.aug.in libvirt-2.3.0/src/qemu/test_libvirtd_qemu.aug.in
--- libvirt-2.3.0.orig/src/qemu/test_libvirtd_qemu.aug.in 2016-10-28 19:13:22.588715000 +0000
+++ libvirt-2.3.0/src/qemu/test_libvirtd_qemu.aug.in 2016-10-28 19:14:27.032715000 +0000
@@ -11,7 +11,7 @@ module Test_libvirtd_qemu =
{ "vnc_tls_x509_verify" = "1" }
{ "vnc_password" = "XYZ12345" }
{ "vnc_sasl" = "1" }
-{ "vnc_sasl_dir" = "/some/directory/sasl2" }
+{ "vnc_sasl_dir" = "/some/directory/sasl" }
{ "vnc_allow_host_audio" = "0" }
{ "spice_listen" = "0.0.0.0" }
{ "spice_tls" = "1" }
@@ -19,7 +19,7 @@ module Test_libvirtd_qemu =
{ "spice_auto_unix_socket" = "1" }
{ "spice_password" = "XYZ12345" }
{ "spice_sasl" = "1" }
-{ "spice_sasl_dir" = "/some/directory/sasl2" }
+{ "spice_sasl_dir" = "/some/directory/sasl" }
{ "chardev_tls" = "1" }
{ "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
{ "chardev_tls_x509_verify" = "1" }
diff -urp libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args
--- libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args 2016-10-28 19:13:23.321715000 +0000
+++ libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-sasl.args 2016-10-28 19:13:48.476715000 +0000
@@ -3,7 +3,7 @@ PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
-SASL_CONF_PATH=/root/.sasl2 \
+SASL_CONF_PATH=/root/.sasl \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 \
diff -urp libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args
--- libvirt-2.3.0.orig/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args 2016-10-28 19:13:23.321715000 +0000
+++ libvirt-2.3.0/tests/qemuargv2xmldata/qemuargv2xml-graphics-vnc-tls.args 2016-10-28 19:13:48.476715000 +0000
@@ -3,7 +3,7 @@ PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
-SASL_CONF_PATH=/root/.sasl2 \
+SASL_CONF_PATH=/root/.sasl \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 \
diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args
--- libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args 2016-10-28 19:13:23.399715000 +0000
+++ libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-sasl.args 2016-10-28 19:13:48.476715000 +0000
@@ -3,7 +3,7 @@ PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
-SASL_CONF_PATH=/root/.sasl2 \
+SASL_CONF_PATH=/root/.sasl \
QEMU_AUDIO_DRV=spice \
/usr/bin/qemu \
-name QEMUGuest1 \
diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
--- libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2016-10-28 19:13:23.399715000 +0000
+++ libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2016-10-28 19:13:48.477715000 +0000
@@ -3,7 +3,7 @@ PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
-SASL_CONF_PATH=/root/.sasl2 \
+SASL_CONF_PATH=/root/.sasl \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 \
diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
--- libvirt-2.3.0.orig/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2016-10-28 19:13:23.399715000 +0000
+++ libvirt-2.3.0/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2016-10-28 19:13:48.477715000 +0000
@@ -3,7 +3,7 @@ PATH=/bin \
HOME=/home/test \
USER=test \
LOGNAME=test \
-SASL_CONF_PATH=/root/.sasl2 \
+SASL_CONF_PATH=/root/.sasl \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu \
-name QEMUGuest1 \
diff -urp libvirt-2.3.0.orig/tests/qemuxml2argvtest.c libvirt-2.3.0/tests/qemuxml2argvtest.c
--- libvirt-2.3.0.orig/tests/qemuxml2argvtest.c 2016-10-28 19:13:22.696715000 +0000
+++ libvirt-2.3.0/tests/qemuxml2argvtest.c 2016-10-28 19:13:48.478715000 +0000
@@ -978,7 +978,7 @@ mymain(void)
driver.config->vncSASL = 1;
VIR_FREE(driver.config->vncSASLdir);
- ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl2"));
+ ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl"));
DO_TEST("graphics-vnc-sasl", QEMU_CAPS_VNC);
driver.config->vncTLS = 1;
driver.config->vncTLSx509verify = 1;
@@ -1002,7 +1002,7 @@ mymain(void)
DO_TEST("graphics-spice-no-args",
QEMU_CAPS_SPICE);
driver.config->spiceSASL = 1;
- ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl2"));
+ ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl"));
DO_TEST("graphics-spice-sasl",
QEMU_CAPS_VGA_QXL,
QEMU_CAPS_SPICE,
diff -urp libvirt-2.3.0.orig/tests/virconfdata/libvirtd.conf libvirt-2.3.0/tests/virconfdata/libvirtd.conf
--- libvirt-2.3.0.orig/tests/virconfdata/libvirtd.conf 2016-10-28 19:13:23.469715000 +0000
+++ libvirt-2.3.0/tests/virconfdata/libvirtd.conf 2016-10-28 19:13:48.478715000 +0000
@@ -108,7 +108,7 @@ unix_sock_admin_perms = "0700"
# the network providing auth (eg, TLS/x509 certificates)
#
# - sasl: use SASL infrastructure. The actual auth scheme is then
-# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# controlled from /etc/sasl/libvirt.conf. For the TCP
# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
# For non-TCP or TLS sockets, any scheme is allowed.
#
@@ -139,7 +139,7 @@ auth_unix_rw = "none"
# If you don't enable SASL, then all TCP traffic is cleartext.
# Don't do this outside of a dev/test scenario. For real world
# use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
auth_tcp = "sasl"
# Change the authentication scheme for TLS sockets.
diff -urp libvirt-2.3.0.orig/tests/virconfdata/libvirtd.out libvirt-2.3.0/tests/virconfdata/libvirtd.out
--- libvirt-2.3.0.orig/tests/virconfdata/libvirtd.out 2016-10-28 19:13:23.469715000 +0000
+++ libvirt-2.3.0/tests/virconfdata/libvirtd.out 2016-10-28 19:13:48.479715000 +0000
@@ -87,7 +87,7 @@ unix_sock_admin_perms = "0700"
# the network providing auth (eg, TLS/x509 certificates)
#
# - sasl: use SASL infrastructure. The actual auth scheme is then
-# controlled from /etc/sasl2/libvirt.conf. For the TCP
+# controlled from /etc/sasl/libvirt.conf. For the TCP
# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
# For non-TCP or TLS sockets, any scheme is allowed.
#
@@ -116,7 +116,7 @@ auth_unix_rw = "none"
# If you don't enable SASL, then all TCP traffic is cleartext.
# Don't do this outside of a dev/test scenario. For real world
# use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
auth_tcp = "sasl"
# Change the authentication scheme for TLS sockets.
#