Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
config change is rquired to enable plain password auth. This is done by
-editting /etc/sasl2/libvirt.conf to set the mech_list
+editting /etc/sasl/libvirt.conf to set the mech_list
parameter to scram-sha-1.
diff -urp libvirt-5.1.0.orig/docs/auth.html.in libvirt-5.1.0/docs/auth.html.in --- libvirt-5.1.0.orig/docs/auth.html.in 2019-03-23 11:37:08.296000000 +0100 +++ libvirt-5.1.0/docs/auth.html.in 2019-03-23 11:37:35.451000000 +0100 @@ -277,7 +277,7 @@ to turn on SASL auth in these listeners.
Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
config change is rquired to enable plain password auth. This is done by
-editting /etc/sasl2/libvirt.conf to set the mech_list
+editting /etc/sasl/libvirt.conf to set the mech_list
parameter to scram-sha-1.
diff -urp libvirt-5.1.0.orig/src/Makefile.in libvirt-5.1.0/src/Makefile.in --- libvirt-5.1.0.orig/src/Makefile.in 2019-03-23 11:37:08.372000000 +0100 +++ libvirt-5.1.0/src/Makefile.in 2019-03-23 11:38:49.722000000 +0100 @@ -6226,7 +6226,7 @@ REMOTE_DRIVER_PROTOCOL = \ # This is needed for clients too, so can't wrap in # the WITH_LIBVIRTD conditional -@WITH_SASL_TRUE@sasldir = $(sysconfdir)/sasl2 +@WITH_SASL_TRUE@sasldir = $(sysconfdir)/sasl THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD) SECDRIVER_CFLAGS = $(am__append_185) $(am__append_187) SECDRIVER_LIBS = $(am__append_186) $(am__append_188) diff -urp libvirt-5.1.0.orig/src/qemu/qemu.conf libvirt-5.1.0/src/qemu/qemu.conf --- libvirt-5.1.0.orig/src/qemu/qemu.conf 2019-03-23 11:37:08.358000000 +0100 +++ libvirt-5.1.0/src/qemu/qemu.conf 2019-03-23 11:37:35.455000000 +0100 @@ -135,18 +135,18 @@ # Examples include vinagre, virt-viewer and virt-manager # itself. UltraVNC, RealVNC, TightVNC do not support this # -# It is necessary to configure /etc/sasl2/qemu.conf to choose +# It is necessary to configure /etc/sasl/qemu.conf to choose # the desired SASL plugin (eg, GSSPI for Kerberos) # #vnc_sasl = 1 -# The default SASL configuration file is located in /etc/sasl2/ +# The default SASL configuration file is located in /etc/sasl/ # When running libvirtd unprivileged, it may be desirable to # override the configs in this location. Set this parameter to # point to the directory, and create a qemu.conf in that location # -#vnc_sasl_dir = "/some/directory/sasl2" +#vnc_sasl_dir = "/some/directory/sasl" # QEMU implements an extension for providing audio over a VNC connection, @@ -211,17 +211,17 @@ # Enable use of SASL encryption on the SPICE server. This requires # a SPICE client which supports the SASL protocol extension. # -# It is necessary to configure /etc/sasl2/qemu.conf to choose +# It is necessary to configure /etc/sasl/qemu.conf to choose # the desired SASL plugin (eg, GSSPI for Kerberos) # #spice_sasl = 1 -# The default SASL configuration file is located in /etc/sasl2/ +# The default SASL configuration file is located in /etc/sasl/ # When running libvirtd unprivileged, it may be desirable to # override the configs in this location. Set this parameter to # point to the directory, and create a qemu.conf in that location # -#spice_sasl_dir = "/some/directory/sasl2" +#spice_sasl_dir = "/some/directory/sasl" # Enable use of TLS encryption on the chardev TCP transports. # diff -urp libvirt-5.1.0.orig/src/qemu/test_libvirtd_qemu.aug.in libvirt-5.1.0/src/qemu/test_libvirtd_qemu.aug.in --- libvirt-5.1.0.orig/src/qemu/test_libvirtd_qemu.aug.in 2019-03-23 11:37:08.358000000 +0100 +++ libvirt-5.1.0/src/qemu/test_libvirtd_qemu.aug.in 2019-03-23 11:37:35.455000000 +0100 @@ -13,7 +13,7 @@ module Test_libvirtd_qemu = { "vnc_tls_x509_verify" = "1" } { "vnc_password" = "XYZ12345" } { "vnc_sasl" = "1" } -{ "vnc_sasl_dir" = "/some/directory/sasl2" } +{ "vnc_sasl_dir" = "/some/directory/sasl" } { "vnc_allow_host_audio" = "0" } { "spice_listen" = "0.0.0.0" } { "spice_tls" = "1" } @@ -21,7 +21,7 @@ module Test_libvirtd_qemu = { "spice_auto_unix_socket" = "1" } { "spice_password" = "XYZ12345" } { "spice_sasl" = "1" } -{ "spice_sasl_dir" = "/some/directory/sasl2" } +{ "spice_sasl_dir" = "/some/directory/sasl" } { "chardev_tls" = "1" } { "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" } { "chardev_tls_x509_verify" = "1" } diff -urp libvirt-5.1.0.orig/src/remote/libvirtd.conf libvirt-5.1.0/src/remote/libvirtd.conf --- libvirt-5.1.0.orig/src/remote/libvirtd.conf 2019-03-23 11:37:08.359000000 +0100 +++ libvirt-5.1.0/src/remote/libvirtd.conf 2019-03-23 11:37:35.455000000 +0100 @@ -123,7 +123,7 @@ # the network providing auth (eg, TLS/x509 certificates) # # - sasl: use SASL infrastructure. The actual auth scheme is then -# controlled from /etc/sasl2/libvirt.conf. For the TCP +# controlled from /etc/sasl/libvirt.conf. For the TCP # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. # For non-TCP or TLS sockets, any scheme is allowed. # @@ -154,7 +154,7 @@ # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 -# mechanism in /etc/sasl2/libvirt.conf +# mechanism in /etc/sasl/libvirt.conf #auth_tcp = "sasl" # Change the authentication scheme for TLS sockets. diff -urp libvirt-5.1.0.orig/src/remote/Makefile.inc.am libvirt-5.1.0/src/remote/Makefile.inc.am --- libvirt-5.1.0.orig/src/remote/Makefile.inc.am 2019-03-23 11:37:08.358000000 +0100 +++ libvirt-5.1.0/src/remote/Makefile.inc.am 2019-03-23 11:39:17.701000000 +0100 @@ -242,7 +242,7 @@ endif WITH_LIBVIRTD # This is needed for clients too, so can't wrap in # the WITH_LIBVIRTD conditional if WITH_SASL -sasldir = $(sysconfdir)/sasl2 +sasldir = $(sysconfdir)/sasl install-sasl: $(MKDIR_P) $(DESTDIR)$(sasldir) diff -urp libvirt-5.1.0.orig/tests/qemuargv2xmldata/graphics-vnc-sasl.args libvirt-5.1.0/tests/qemuargv2xmldata/graphics-vnc-sasl.args --- libvirt-5.1.0.orig/tests/qemuargv2xmldata/graphics-vnc-sasl.args 2019-03-23 11:37:08.489000000 +0100 +++ libvirt-5.1.0/tests/qemuargv2xmldata/graphics-vnc-sasl.args 2019-03-23 11:37:35.455000000 +0100 @@ -3,7 +3,7 @@ PATH=/bin \ HOME=/home/test \ USER=test \ LOGNAME=test \ -SASL_CONF_PATH=/root/.sasl2 \ +SASL_CONF_PATH=/root/.sasl \ QEMU_AUDIO_DRV=none \ /usr/bin/qemu-system-i686 \ -name QEMUGuest1 \ diff -urp libvirt-5.1.0.orig/tests/qemuargv2xmldata/graphics-vnc-tls.args libvirt-5.1.0/tests/qemuargv2xmldata/graphics-vnc-tls.args --- libvirt-5.1.0.orig/tests/qemuargv2xmldata/graphics-vnc-tls.args 2019-03-23 11:37:08.489000000 +0100 +++ libvirt-5.1.0/tests/qemuargv2xmldata/graphics-vnc-tls.args 2019-03-23 11:37:35.456000000 +0100 @@ -3,7 +3,7 @@ PATH=/bin \ HOME=/home/test \ USER=test \ LOGNAME=test \ -SASL_CONF_PATH=/root/.sasl2 \ +SASL_CONF_PATH=/root/.sasl \ QEMU_AUDIO_DRV=none \ /usr/bin/qemu-system-i686 \ -name QEMUGuest1 \ diff -urp libvirt-5.1.0.orig/tests/qemuxml2argvdata/graphics-spice-sasl.args libvirt-5.1.0/tests/qemuxml2argvdata/graphics-spice-sasl.args --- libvirt-5.1.0.orig/tests/qemuxml2argvdata/graphics-spice-sasl.args 2019-03-23 11:37:08.535000000 +0100 +++ libvirt-5.1.0/tests/qemuxml2argvdata/graphics-spice-sasl.args 2019-03-23 11:37:35.456000000 +0100 @@ -3,7 +3,7 @@ PATH=/bin \ HOME=/home/test \ USER=test \ LOGNAME=test \ -SASL_CONF_PATH=/root/.sasl2 \ +SASL_CONF_PATH=/root/.sasl \ QEMU_AUDIO_DRV=spice \ /usr/bin/qemu-system-i686 \ -name QEMUGuest1 \ diff -urp libvirt-5.1.0.orig/tests/qemuxml2argvdata/graphics-vnc-sasl.args libvirt-5.1.0/tests/qemuxml2argvdata/graphics-vnc-sasl.args --- libvirt-5.1.0.orig/tests/qemuxml2argvdata/graphics-vnc-sasl.args 2019-03-23 11:37:08.535000000 +0100 +++ libvirt-5.1.0/tests/qemuxml2argvdata/graphics-vnc-sasl.args 2019-03-23 11:37:35.456000000 +0100 @@ -3,7 +3,7 @@ PATH=/bin \ HOME=/home/test \ USER=test \ LOGNAME=test \ -SASL_CONF_PATH=/root/.sasl2 \ +SASL_CONF_PATH=/root/.sasl \ QEMU_AUDIO_DRV=none \ /usr/bin/qemu-system-i686 \ -name QEMUGuest1 \ diff -urp libvirt-5.1.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.args libvirt-5.1.0/tests/qemuxml2argvdata/graphics-vnc-tls.args --- libvirt-5.1.0.orig/tests/qemuxml2argvdata/graphics-vnc-tls.args 2019-03-23 11:37:08.536000000 +0100 +++ libvirt-5.1.0/tests/qemuxml2argvdata/graphics-vnc-tls.args 2019-03-23 11:37:35.456000000 +0100 @@ -3,7 +3,7 @@ PATH=/bin \ HOME=/home/test \ USER=test \ LOGNAME=test \ -SASL_CONF_PATH=/root/.sasl2 \ +SASL_CONF_PATH=/root/.sasl \ QEMU_AUDIO_DRV=none \ /usr/bin/qemu-system-i686 \ -name QEMUGuest1 \ diff -urp libvirt-5.1.0.orig/tests/qemuxml2argvtest.c libvirt-5.1.0/tests/qemuxml2argvtest.c --- libvirt-5.1.0.orig/tests/qemuxml2argvtest.c 2019-03-23 11:37:08.378000000 +0100 +++ libvirt-5.1.0/tests/qemuxml2argvtest.c 2019-03-23 11:37:35.456000000 +0100 @@ -1212,7 +1212,7 @@ mymain(void) driver.config->vncSASL = 1; VIR_FREE(driver.config->vncSASLdir); - ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl2")); + ignore_value(VIR_STRDUP(driver.config->vncSASLdir, "/root/.sasl")); DO_TEST("graphics-vnc-sasl", QEMU_CAPS_VNC, QEMU_CAPS_DEVICE_CIRRUS_VGA); driver.config->vncTLS = 1; driver.config->vncTLSx509verify = 1; @@ -1244,7 +1244,7 @@ mymain(void) DO_TEST("graphics-spice-no-args", QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_CIRRUS_VGA); driver.config->spiceSASL = 1; - ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl2")); + ignore_value(VIR_STRDUP(driver.config->spiceSASLdir, "/root/.sasl")); DO_TEST("graphics-spice-sasl", QEMU_CAPS_SPICE, QEMU_CAPS_DEVICE_QXL); diff -urp libvirt-5.1.0.orig/tests/virconfdata/libvirtd.conf libvirt-5.1.0/tests/virconfdata/libvirtd.conf --- libvirt-5.1.0.orig/tests/virconfdata/libvirtd.conf 2019-03-23 11:37:09.290000000 +0100 +++ libvirt-5.1.0/tests/virconfdata/libvirtd.conf 2019-03-23 11:37:35.456000000 +0100 @@ -108,7 +108,7 @@ unix_sock_admin_perms = "0700" # the network providing auth (eg, TLS/x509 certificates) # # - sasl: use SASL infrastructure. The actual auth scheme is then -# controlled from /etc/sasl2/libvirt.conf. For the TCP +# controlled from /etc/sasl/libvirt.conf. For the TCP # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. # For non-TCP or TLS sockets, any scheme is allowed. # @@ -139,7 +139,7 @@ auth_unix_rw = "none" # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 -# mechanism in /etc/sasl2/libvirt.conf +# mechanism in /etc/sasl/libvirt.conf auth_tcp = "sasl" # Change the authentication scheme for TLS sockets. diff -urp libvirt-5.1.0.orig/tests/virconfdata/libvirtd.out libvirt-5.1.0/tests/virconfdata/libvirtd.out --- libvirt-5.1.0.orig/tests/virconfdata/libvirtd.out 2019-03-23 11:37:09.290000000 +0100 +++ libvirt-5.1.0/tests/virconfdata/libvirtd.out 2019-03-23 11:37:35.456000000 +0100 @@ -87,7 +87,7 @@ unix_sock_admin_perms = "0700" # the network providing auth (eg, TLS/x509 certificates) # # - sasl: use SASL infrastructure. The actual auth scheme is then -# controlled from /etc/sasl2/libvirt.conf. For the TCP +# controlled from /etc/sasl/libvirt.conf. For the TCP # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. # For non-TCP or TLS sockets, any scheme is allowed. # @@ -116,7 +116,7 @@ auth_unix_rw = "none" # If you don't enable SASL, then all TCP traffic is cleartext. # Don't do this outside of a dev/test scenario. For real world # use, always enable SASL and use the GSSAPI or DIGEST-MD5 -# mechanism in /etc/sasl2/libvirt.conf +# mechanism in /etc/sasl/libvirt.conf auth_tcp = "sasl" # Change the authentication scheme for TLS sockets. #