[packages/libvirt.git] / libvirt-sasl.patch

diff -ru libvirt-0.8.8/daemon/libvirtd.conf libvirt-0.8.8-sasl/daemon/libvirtd.conf
--- libvirt-0.8.8/daemon/libvirtd.conf	2010-12-20 14:35:22.000000000 +0100
+++ libvirt-0.8.8-sasl/daemon/libvirtd.conf	2011-04-28 11:45:47.727741165 +0200
@@ -111,7 +111,7 @@
 #          the network providing auth (eg, TLS/x509 certificates)
 #
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          controlled from /etc/sasl/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
 #          For non-TCP or TLS sockets,  any scheme is allowed.
 #
@@ -142,7 +142,7 @@
 # If you don't enable SASL, then all TCP traffic is cleartext.
 # Don't do this outside of a dev/test scenario. For real world
 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
 #auth_tcp = "sasl"
 
 # Change the authentication scheme for TLS sockets.
diff -ru libvirt-0.8.8/daemon/Makefile.am libvirt-0.8.8-sasl/daemon/Makefile.am
--- libvirt-0.8.8/daemon/Makefile.am	2011-01-31 02:30:59.000000000 +0100
+++ libvirt-0.8.8-sasl/daemon/Makefile.am	2011-04-28 11:45:47.703741165 +0200
@@ -326,12 +326,12 @@
 # the WITH_LIBVIRTD conditional
 if HAVE_SASL
 install-data-sasl:
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
 
 uninstall-data-sasl:
-	rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
-	rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
+	rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
+	rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
 else
 install-data-sasl:
 uninstall-data-sasl:
diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug libvirt-0.8.8-sasl/daemon/test_libvirtd.aug
--- libvirt-0.8.8/daemon/test_libvirtd.aug	2011-01-31 02:30:59.000000000 +0100
+++ libvirt-0.8.8-sasl/daemon/test_libvirtd.aug	2011-04-28 11:45:47.697741165 +0200
@@ -108,7 +108,7 @@
 #          the network providing auth (eg, TLS/x509 certificates)
 #
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          controlled from /etc/sasl/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
 #          For non-TCP or TLS sockets,  any scheme is allowed.
 #
@@ -139,7 +139,7 @@
 # If you don't enable SASL, then all TCP traffic is cleartext.
 # Don't do this outside of a dev/test scenario. For real world
 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
 auth_tcp = \"sasl\"
 
 # Change the authentication scheme for TLS sockets.
@@ -383,7 +383,7 @@
         { "#comment" = "the network providing auth (eg, TLS/x509 certificates)" }
         { "#comment" = "" }
         { "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
-        { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
+        { "#comment" = "controlled from /etc/sasl/libvirt.conf. For the TCP" }
         { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
         { "#comment" = "For non-TCP or TLS sockets,  any scheme is allowed." }
         { "#comment" = "" }
@@ -414,7 +414,7 @@
         { "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
         { "#comment" = "Don't do this outside of a dev/test scenario. For real world" }
         { "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
-        { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
+        { "#comment" = "mechanism in /etc/sasl/libvirt.conf" }
         { "auth_tcp" = "sasl" }
         { "#empty" }
         { "#comment" = "Change the authentication scheme for TLS sockets." }
diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html
--- libvirt-0.8.8/docs/auth.html	2011-02-17 05:13:12.000000000 +0100
+++ libvirt-0.8.8-sasl/docs/auth.html	2011-04-28 11:45:43.429741167 +0200
@@ -273,7 +273,7 @@
 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
 username+password style authentication. To enable Kerberos single-sign-on instead,
-the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
+the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in
--- libvirt-0.8.8/docs/auth.html.in	2010-12-20 14:35:22.000000000 +0100
+++ libvirt-0.8.8-sasl/docs/auth.html.in	2011-04-28 11:45:43.586741167 +0200
@@ -115,7 +115,7 @@
 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
 username+password style authentication. To enable Kerberos single-sign-on instead,
-the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
+the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec
--- libvirt-0.8.8/libvirt.spec	2011-02-17 05:13:09.000000000 +0100
+++ libvirt-0.8.8-sasl/libvirt.spec	2011-04-28 11:45:43.675741167 +0200
@@ -933,7 +933,7 @@
 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
 
 %if %{with_sasl}
-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
 %endif
 
 %files devel
diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in
--- libvirt-0.8.8/libvirt.spec.in	2011-02-17 05:10:58.000000000 +0100
+++ libvirt-0.8.8-sasl/libvirt.spec.in	2011-04-28 11:45:43.672741167 +0200
@@ -933,7 +933,7 @@
 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
 
 %if %{with_sasl}
-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
 %endif
 
 %files devel
diff -ru libvirt-0.8.8/src/qemu/qemu.conf libvirt-0.8.8-sasl/src/qemu/qemu.conf
--- libvirt-0.8.8/src/qemu/qemu.conf	2011-02-16 07:36:53.000000000 +0100
+++ libvirt-0.8.8-sasl/src/qemu/qemu.conf	2011-04-28 11:45:47.091741165 +0200
@@ -74,18 +74,18 @@
 # Examples include vinagre, virt-viewer and virt-manager
 # itself. UltraVNC, RealVNC, TightVNC do not support this
 #
-# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# It is necessary to configure /etc/sasl/qemu.conf to choose
 # the desired SASL plugin (eg, GSSPI for Kerberos)
 #
 # vnc_sasl = 1
 
 
-# The default SASL configuration file is located in /etc/sasl2/
+# The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
 # point to the directory, and create a qemu.conf in that location
 #
-# vnc_sasl_dir = "/some/directory/sasl2"
+# vnc_sasl_dir = "/some/directory/sasl"
 
 
 
diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug
--- libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug	2011-01-31 02:30:59.000000000 +0100
+++ libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug	2011-04-28 11:45:47.103741165 +0200
@@ -67,18 +67,18 @@
 # Examples include vinagre, virt-viewer and virt-manager
 # itself. UltraVNC, RealVNC, TightVNC do not support this
 #
-# It is necessary to configure /etc/sasl2/qemu.conf to choose
+# It is necessary to configure /etc/sasl/qemu.conf to choose
 # the desired SASL plugin (eg, GSSPI for Kerberos)
 #
 vnc_sasl = 1
 
 
-# The default SASL configuration file is located in /etc/sasl2/
+# The default SASL configuration file is located in /etc/sasl/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
 # point to the directory, and create a qemu.conf in that location
 #
-vnc_sasl_dir = \"/some/directory/sasl2\"
+vnc_sasl_dir = \"/some/directory/sasl\"
 
 security_driver = \"selinux\"
 
@@ -181,18 +181,18 @@
 { "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
 { "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
 { "#comment" = "" }
-{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
+{ "#comment" = "It is necessary to configure /etc/sasl/qemu.conf to choose" }
 { "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
 { "#comment" = "" }
 { "vnc_sasl" = "1" }
 { "#empty" }
 { "#empty" }
-{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
+{ "#comment" = "The default SASL configuration file is located in /etc/sasl/" }
 { "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
 { "#comment" = "override the configs in this location. Set this parameter to" }
 { "#comment" = "point to the directory, and create a qemu.conf in that location" }
 { "#comment" = "" }
-{ "vnc_sasl_dir" = "/some/directory/sasl2" }
+{ "vnc_sasl_dir" = "/some/directory/sasl" }
 { "#empty" }
 { "security_driver" = "selinux" }
 { "#empty" }
diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf
--- libvirt-0.8.8/tests/confdata/libvirtd.conf	2010-05-27 14:03:22.000000000 +0200
+++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf	2011-04-28 11:45:46.878741165 +0200
@@ -102,7 +102,7 @@
 #          the network providing auth (eg, TLS/x509 certificates)
 #
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          controlled from /etc/sasl/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
 #          For non-TCP or TLS sockets,  any scheme is allowed.
 #
@@ -133,7 +133,7 @@
 # If you don't enable SASL, then all TCP traffic is cleartext.
 # Don't do this outside of a dev/test scenario. For real world
 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
 auth_tcp = "sasl"
 
 # Change the authentication scheme for TLS sockets.
diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out libvirt-0.8.8-sasl/tests/confdata/libvirtd.out
--- libvirt-0.8.8/tests/confdata/libvirtd.out	2010-05-27 14:03:22.000000000 +0200
+++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out	2011-04-28 11:45:46.875741165 +0200
@@ -82,7 +82,7 @@
 #          the network providing auth (eg, TLS/x509 certificates)
 #
 #  - sasl: use SASL infrastructure. The actual auth scheme is then
-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          controlled from /etc/sasl/libvirt.conf. For the TCP
 #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
 #          For non-TCP or TLS sockets,  any scheme is allowed.
 #
@@ -111,7 +111,7 @@
 # If you don't enable SASL, then all TCP traffic is cleartext.
 # Don't do this outside of a dev/test scenario. For real world
 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
+# mechanism in /etc/sasl/libvirt.conf
 auth_tcp = "sasl"
 # Change the authentication scheme for TLS sockets.
 #
diff -ru libvirt-0.8.8/tests/qemuargv2xmltest.c libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c
--- libvirt-0.8.8/tests/qemuargv2xmltest.c	2011-01-24 03:59:21.000000000 +0100
+++ libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c	2011-04-28 11:45:46.964741165 +0200
@@ -181,7 +181,7 @@
     DO_TEST("graphics-vnc-socket");
 
     driver.vncSASL = 1;
-    driver.vncSASLdir = strdup("/root/.sasl2");
+    driver.vncSASLdir = strdup("/root/.sasl");
     DO_TEST("graphics-vnc-sasl");
     driver.vncTLS = 1;
     driver.vncTLSx509verify = 1;
diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
--- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args	2011-02-03 15:05:31.000000000 +0100
+++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args	2011-04-28 11:45:46.860741165 +0200
@@ -1,5 +1,5 @@
 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
+SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
 127.0.0.1:3,sasl -vga cirrus
diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
--- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args	2011-02-03 15:05:31.000000000 +0100
+++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args	2011-04-28 11:45:46.864741165 +0200
@@ -1,5 +1,5 @@
 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
+SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
diff -ru libvirt-0.8.8/tests/qemuxml2argvtest.c libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c
--- libvirt-0.8.8/tests/qemuxml2argvtest.c	2011-02-11 10:46:59.000000000 +0100
+++ libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c	2011-04-28 11:45:46.767741165 +0200
@@ -335,7 +335,7 @@
     DO_TEST("graphics-vnc-socket", 0, false);
 
     driver.vncSASL = 1;
-    driver.vncSASLdir = strdup("/root/.sasl2");
+    driver.vncSASLdir = strdup("/root/.sasl");
     DO_TEST("graphics-vnc-sasl", false, QEMU_CAPS_VGA);
     driver.vncTLS = 1;
     driver.vncTLSx509verify = 1;
Commit	Line	Data
72b1baa0 JR	1	diff -ru libvirt-0.8.8/daemon/libvirtd.conf libvirt-0.8.8-sasl/daemon/libvirtd.conf
	2	--- libvirt-0.8.8/daemon/libvirtd.conf 2010-12-20 14:35:22.000000000 +0100
	3	+++ libvirt-0.8.8-sasl/daemon/libvirtd.conf 2011-04-28 11:45:47.727741165 +0200
	4	@@ -111,7 +111,7 @@
	5	# the network providing auth (eg, TLS/x509 certificates)
	6	#
	7	# - sasl: use SASL infrastructure. The actual auth scheme is then
	8	-# controlled from /etc/sasl2/libvirt.conf. For the TCP
	9	+# controlled from /etc/sasl/libvirt.conf. For the TCP
	10	# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
	11	# For non-TCP or TLS sockets, any scheme is allowed.
	12	#
	13	@@ -142,7 +142,7 @@
	14	# If you don't enable SASL, then all TCP traffic is cleartext.
	15	# Don't do this outside of a dev/test scenario. For real world
	16	# use, always enable SASL and use the GSSAPI or DIGEST-MD5
	17	-# mechanism in /etc/sasl2/libvirt.conf
	18	+# mechanism in /etc/sasl/libvirt.conf
	19	#auth_tcp = "sasl"
	20
	21	# Change the authentication scheme for TLS sockets.
	22	diff -ru libvirt-0.8.8/daemon/Makefile.am libvirt-0.8.8-sasl/daemon/Makefile.am
	23	--- libvirt-0.8.8/daemon/Makefile.am 2011-01-31 02:30:59.000000000 +0100
	24	+++ libvirt-0.8.8-sasl/daemon/Makefile.am 2011-04-28 11:45:47.703741165 +0200
	25	@@ -326,12 +326,12 @@
	26	# the WITH_LIBVIRTD conditional
	27	if HAVE_SASL
	28	install-data-sasl:
a0b92b5f	29	- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
72b1baa0	30	- $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
a0b92b5f	31	+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
72b1baa0 JR	32	+ $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
	33
	34	uninstall-data-sasl:
	35	- rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
a0b92b5f	36	- rmdir $(DESTDIR)$(sysconfdir)/sasl2/ \|\| :
72b1baa0	37	+ rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
a0b92b5f	38	+ rmdir $(DESTDIR)$(sysconfdir)/sasl/ \|\| :
72b1baa0 JR	39	else
	40	install-data-sasl:
	41	uninstall-data-sasl:
	42	diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug libvirt-0.8.8-sasl/daemon/test_libvirtd.aug
	43	--- libvirt-0.8.8/daemon/test_libvirtd.aug 2011-01-31 02:30:59.000000000 +0100
	44	+++ libvirt-0.8.8-sasl/daemon/test_libvirtd.aug 2011-04-28 11:45:47.697741165 +0200
	45	@@ -108,7 +108,7 @@
	46	# the network providing auth (eg, TLS/x509 certificates)
	47	#
	48	# - sasl: use SASL infrastructure. The actual auth scheme is then
	49	-# controlled from /etc/sasl2/libvirt.conf. For the TCP
	50	+# controlled from /etc/sasl/libvirt.conf. For the TCP
	51	# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
	52	# For non-TCP or TLS sockets, any scheme is allowed.
	53	#
	54	@@ -139,7 +139,7 @@
	55	# If you don't enable SASL, then all TCP traffic is cleartext.
	56	# Don't do this outside of a dev/test scenario. For real world
	57	# use, always enable SASL and use the GSSAPI or DIGEST-MD5
	58	-# mechanism in /etc/sasl2/libvirt.conf
	59	+# mechanism in /etc/sasl/libvirt.conf
	60	auth_tcp = \"sasl\"
	61
	62	# Change the authentication scheme for TLS sockets.
	63	@@ -383,7 +383,7 @@
	64	{ "#comment" = "the network providing auth (eg, TLS/x509 certificates)" }
	65	{ "#comment" = "" }
	66	{ "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
	67	- { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
	68	+ { "#comment" = "controlled from /etc/sasl/libvirt.conf. For the TCP" }
	69	{ "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
	70	{ "#comment" = "For non-TCP or TLS sockets, any scheme is allowed." }
	71	{ "#comment" = "" }
	72	@@ -414,7 +414,7 @@
	73	{ "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
	74	{ "#comment" = "Don't do this outside of a dev/test scenario. For real world" }
	75	{ "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
	76	- { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
	77	+ { "#comment" = "mechanism in /etc/sasl/libvirt.conf" }
	78	{ "auth_tcp" = "sasl" }
	79	{ "#empty" }
	80	{ "#comment" = "Change the authentication scheme for TLS sockets." }
	81	diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html
	82	--- libvirt-0.8.8/docs/auth.html 2011-02-17 05:13:12.000000000 +0100
	83	+++ libvirt-0.8.8-sasl/docs/auth.html 2011-04-28 11:45:43.429741167 +0200
	84	@@ -273,7 +273,7 @@
	85	The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
	86	The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
	87	username+password style authentication. To enable Kerberos single-sign-on instead,
	88	-the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
	89	+the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
	90	The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
	91	instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
	92	and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
	93	diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in
	94	--- libvirt-0.8.8/docs/auth.html.in 2010-12-20 14:35:22.000000000 +0100
	95	+++ libvirt-0.8.8-sasl/docs/auth.html.in 2011-04-28 11:45:43.586741167 +0200
	96	@@ -115,7 +115,7 @@
	97	The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
	98	The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
	99	username+password style authentication. To enable Kerberos single-sign-on instead,
	100	-the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
	101	+the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
	102	The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
103	instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
104	and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
105	diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec
106	--- libvirt-0.8.8/libvirt.spec 2011-02-17 05:13:09.000000000 +0100
107	+++ libvirt-0.8.8-sasl/libvirt.spec 2011-04-28 11:45:43.675741167 +0200
108	@@ -933,7 +933,7 @@
109	%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
110
111	%if %{with_sasl}
112	-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
113	+%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
114	%endif
115
116	%files devel
117	diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in
118	--- libvirt-0.8.8/libvirt.spec.in 2011-02-17 05:10:58.000000000 +0100
119	+++ libvirt-0.8.8-sasl/libvirt.spec.in 2011-04-28 11:45:43.672741167 +0200
120	@@ -933,7 +933,7 @@
121	%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
122
123	%if %{with_sasl}
124	-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
125	+%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
126	%endif
127
128	%files devel
129	diff -ru libvirt-0.8.8/src/qemu/qemu.conf libvirt-0.8.8-sasl/src/qemu/qemu.conf
130	--- libvirt-0.8.8/src/qemu/qemu.conf 2011-02-16 07:36:53.000000000 +0100
131	+++ libvirt-0.8.8-sasl/src/qemu/qemu.conf 2011-04-28 11:45:47.091741165 +0200
132	@@ -74,18 +74,18 @@
133	# Examples include vinagre, virt-viewer and virt-manager
134	# itself. UltraVNC, RealVNC, TightVNC do not support this
135	#
136	-# It is necessary to configure /etc/sasl2/qemu.conf to choose
137	+# It is necessary to configure /etc/sasl/qemu.conf to choose
138	# the desired SASL plugin (eg, GSSPI for Kerberos)
139	#
140	# vnc_sasl = 1
141
142
143	-# The default SASL configuration file is located in /etc/sasl2/
144	+# The default SASL configuration file is located in /etc/sasl/
145	# When running libvirtd unprivileged, it may be desirable to
146	# override the configs in this location. Set this parameter to
147	# point to the directory, and create a qemu.conf in that location
148	#
149	-# vnc_sasl_dir = "/some/directory/sasl2"
150	+# vnc_sasl_dir = "/some/directory/sasl"
151
152
153
154	diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug
155	--- libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug 2011-01-31 02:30:59.000000000 +0100
156	+++ libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug 2011-04-28 11:45:47.103741165 +0200
157	@@ -67,18 +67,18 @@
158	# Examples include vinagre, virt-viewer and virt-manager
159	# itself. UltraVNC, RealVNC, TightVNC do not support this
160	#
161	-# It is necessary to configure /etc/sasl2/qemu.conf to choose
162	+# It is necessary to configure /etc/sasl/qemu.conf to choose
163	# the desired SASL plugin (eg, GSSPI for Kerberos)
164	#
165	vnc_sasl = 1
166
167
168	-# The default SASL configuration file is located in /etc/sasl2/
169	+# The default SASL configuration file is located in /etc/sasl/
170	# When running libvirtd unprivileged, it may be desirable to
171	# override the configs in this location. Set this parameter to
172	# point to the directory, and create a qemu.conf in that location
173	#
174	-vnc_sasl_dir = \"/some/directory/sasl2\"
175	+vnc_sasl_dir = \"/some/directory/sasl\"
176
177	security_driver = \"selinux\"
178
179	@@ -181,18 +181,18 @@
180	{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
181	{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
182	{ "#comment" = "" }
183	-{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
184	+{ "#comment" = "It is necessary to configure /etc/sasl/qemu.conf to choose" }
185	{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
186	{ "#comment" = "" }
187	{ "vnc_sasl" = "1" }
188	{ "#empty" }
189	{ "#empty" }
190	-{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
191	+{ "#comment" = "The default SASL configuration file is located in /etc/sasl/" }
192	{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
193	{ "#comment" = "override the configs in this location. Set this parameter to" }
194	{ "#comment" = "point to the directory, and create a qemu.conf in that location" }
195	{ "#comment" = "" }
196	-{ "vnc_sasl_dir" = "/some/directory/sasl2" }
197	+{ "vnc_sasl_dir" = "/some/directory/sasl" }
198	{ "#empty" }
199	{ "security_driver" = "selinux" }
200	{ "#empty" }
201	diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf
202	--- libvirt-0.8.8/tests/confdata/libvirtd.conf 2010-05-27 14:03:22.000000000 +0200
203	+++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf 2011-04-28 11:45:46.878741165 +0200
204	@@ -102,7 +102,7 @@
205	# the network providing auth (eg, TLS/x509 certificates)
206	#
207	# - sasl: use SASL infrastructure. The actual auth scheme is then
208	-# controlled from /etc/sasl2/libvirt.conf. For the TCP
209	+# controlled from /etc/sasl/libvirt.conf. For the TCP
210	# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
211	# For non-TCP or TLS sockets, any scheme is allowed.
212	#
213	@@ -133,7 +133,7 @@
214	# If you don't enable SASL, then all TCP traffic is cleartext.
215	# Don't do this outside of a dev/test scenario. For real world
216	# use, always enable SASL and use the GSSAPI or DIGEST-MD5
217	-# mechanism in /etc/sasl2/libvirt.conf
218	+# mechanism in /etc/sasl/libvirt.conf
219	auth_tcp = "sasl"
220
221	# Change the authentication scheme for TLS sockets.
222	diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out libvirt-0.8.8-sasl/tests/confdata/libvirtd.out
223	--- libvirt-0.8.8/tests/confdata/libvirtd.out 2010-05-27 14:03:22.000000000 +0200
224	+++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out 2011-04-28 11:45:46.875741165 +0200
225	@@ -82,7 +82,7 @@
226	# the network providing auth (eg, TLS/x509 certificates)
227	#
228	# - sasl: use SASL infrastructure. The actual auth scheme is then
229	-# controlled from /etc/sasl2/libvirt.conf. For the TCP
230	+# controlled from /etc/sasl/libvirt.conf. For the TCP
231	# socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
232	# For non-TCP or TLS sockets, any scheme is allowed.
233	#
234	@@ -111,7 +111,7 @@
235	# If you don't enable SASL, then all TCP traffic is cleartext.
236	# Don't do this outside of a dev/test scenario. For real world
237	# use, always enable SASL and use the GSSAPI or DIGEST-MD5
238	-# mechanism in /etc/sasl2/libvirt.conf
239	+# mechanism in /etc/sasl/libvirt.conf
240	auth_tcp = "sasl"
241	# Change the authentication scheme for TLS sockets.
242	#
243	diff -ru libvirt-0.8.8/tests/qemuargv2xmltest.c libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c
244	--- libvirt-0.8.8/tests/qemuargv2xmltest.c 2011-01-24 03:59:21.000000000 +0100
245	+++ libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c 2011-04-28 11:45:46.964741165 +0200
246	@@ -181,7 +181,7 @@
247	DO_TEST("graphics-vnc-socket");
248
249	driver.vncSASL = 1;
250	- driver.vncSASLdir = strdup("/root/.sasl2");
251	+ driver.vncSASLdir = strdup("/root/.sasl");
252	DO_TEST("graphics-vnc-sasl");
253	driver.vncTLS = 1;
254	driver.vncTLSx509verify = 1;
255	diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
256	--- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-02-03 15:05:31.000000000 +0100
257	+++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-04-28 11:45:46.860741165 +0200
258	@@ -1,5 +1,5 @@
259	LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
260	-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
261	+SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
262	-smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
263	/dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
264	127.0.0.1:3,sasl -vga cirrus
265	diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
266	--- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-02-03 15:05:31.000000000 +0100
267	+++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-04-28 11:45:46.864741165 +0200
268	@@ -1,5 +1,5 @@
269	LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
270	-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
271	+SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
272	-smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
273	/dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
274	127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
275	diff -ru libvirt-0.8.8/tests/qemuxml2argvtest.c libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c
276	--- libvirt-0.8.8/tests/qemuxml2argvtest.c 2011-02-11 10:46:59.000000000 +0100
277	+++ libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c 2011-04-28 11:45:46.767741165 +0200
278	@@ -335,7 +335,7 @@
279	DO_TEST("graphics-vnc-socket", 0, false);
280
281	driver.vncSASL = 1;
282	- driver.vncSASLdir = strdup("/root/.sasl2");
283	+ driver.vncSASLdir = strdup("/root/.sasl");
36a3330a	284	DO_TEST("graphics-vnc-sasl", false, QEMU_CAPS_VGA);
72b1baa0 JR	285	driver.vncTLS = 1;
72b1baa0 JR	286	driver.vncTLSx509verify = 1;