libvirt tries to read /etc/sasl/libvirt.conf not /etc/sasl2/libvirt.conf despite docs

Bug #546745 reported by Craig Ringer
This bug affects 2 people
Affects: libvirt (Debian) | Status: New | Importance: Unknown
Affects: libvirt (Ubuntu) | Status: Confirmed | Importance: Low | Assigned to: Unassigned

Bug Description

Description: Ubuntu 9.10
Release: 9.10
Codename: karmic

libvirtd (libvirt) 0.7.0

/etc/libvirt/libvirtd.conf contains the comment:

# - sasl: use SASL infrastructure. The actual auth scheme is then
# controlled from /etc/sasl2/libvirt.conf. For the TCP
# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
# For non-TCP or TLS sockets, any scheme is allowed.
#

yet strace'ing libvirtd startup reveals that it's actually looking for /etc/sasl/libvirt.conf, which is why sasl authentication is not working. It should be reading /etc/sasl2/libvirt.conf.

Once /etc/sasl2 is symlinked to /etc/sasl, it still fails, but that's another bug.

Tags: patch
Mathias Gug (mathiaz)
Changed in libvirt (Ubuntu):
importance: Undecided → Low

Jamie Strandboge (jdstrand) wrote:

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Lucid Lynx. It would help us greatly if you could test with it so we can work on getting it fixed in the next release of Ubuntu. You can find out more about the development release at http://www.ubuntu.com/testing/ . Thanks again and we appreciate your help.

Changed in libvirt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Incomplete

Peter Selby (niten) wrote:

Description: Ubuntu 10.10
Release: 10.10
Codename: maverick

libvirtd (libvirt) 0.8.3

This bug still exists in 10.10 and 0.8.3. All available docs that I've seen refer to /etc/sasl2/libvirt.conf, but strace still reports that only /etc/sasl/libvirt.conf (and /usr/lib/sasl2/libvirt.conf) are actually accessed.

Linking /etc/sasl2 to /etc/sasl solved the problem for me, and I've got Kerberos working with libvirt now.

Neil Wilson (neil-aldur)
Changed in libvirt (Ubuntu):
status: Incomplete → Confirmed

Neil Wilson (neil-aldur) wrote:

The cyrus-sasl package in Debian/Ubuntu uses '/etc/sasl' as the standard directory in which to find the application configurations.

The fault here with the libvirt package is that it is putting the example sasl configuration in /etc/sasl2 which is wrong for Debian/Ubuntu.

Neil Wilson (neil-aldur) wrote:
tags: added: patch

Neil Wilson (neil-aldur) wrote:

Note that apparmor will need adjusting to allow qemu to access /etc/sasl

Neil Wilson (neil-aldur) wrote:

/etc/apparmor.d/abstractions/libvirt-qemu needs

/etc/sasl/qemu.conf r,

adding to it.

Changed in libvirt (Debian):
status: Unknown → New
Changed in libvirt (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
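
A check for the path mismatch and the AppArmor rule discussed in this thread, as an added example that is not part of the bug report or the libvirt package. The function name and the ROOT prefix argument are assumptions made so the check can run against a scratch tree; the sample tree at the end is constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. ROOT is a hypothetical prefix so the
# check can run against a scratch tree; call with no argument for the live system.
check_sasl_paths() {
    root=${1:-}
    read_dir="$root/etc/sasl"    # directory strace showed libvirtd reading
    doc_dir="$root/etc/sasl2"    # directory named in libvirtd.conf's comment
    aa="$root/etc/apparmor.d/abstractions/libvirt-qemu"
    rc=0

    if [ -e "$read_dir/libvirt.conf" ]; then
        echo "OK: $read_dir/libvirt.conf exists"
        if [ -L "$read_dir" ]; then
            echo "NOTE: $read_dir is a symlink"
        fi
    elif [ -e "$doc_dir/libvirt.conf" ]; then
        echo "MISMATCH: libvirt.conf is only in $doc_dir, which is not read"
        rc=1
    else
        echo "MISSING: no libvirt.conf under $read_dir or $doc_dir"
        rc=1
    fi

    # AppArmor rule quoted in the thread for the qemu SASL config.
    if [ -f "$aa" ] && ! grep -Eq \
        '^[[:space:]]*/etc/sasl/qemu\.conf[[:space:]]+r,' "$aa"; then
        echo "WARN: $aa has no '/etc/sasl/qemu.conf r,' rule"
        if [ "$rc" -eq 0 ]; then rc=2; fi
    fi
    return "$rc"   # 0 = fine, 1 = config not where it is read, 2 = rule missing
}

# Constructed sample tree: config shipped in /etc/sasl2 only, as reported.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/sasl2" "$demo_root/etc/apparmor.d/abstractions"
: > "$demo_root/etc/sasl2/libvirt.conf"
: > "$demo_root/etc/apparmor.d/abstractions/libvirt-qemu"
check_sasl_paths "$demo_root" || echo "exit status: $?"
rm -rf "$demo_root"
```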