1 diff -ru libvirt-0.8.8/daemon/libvirtd.conf libvirt-0.8.8-sasl/daemon/libvirtd.conf
2 --- libvirt-0.8.8/daemon/libvirtd.conf 2010-12-20 14:35:22.000000000 +0100
3 +++ libvirt-0.8.8-sasl/daemon/libvirtd.conf 2011-04-28 11:45:47.727741165 +0200
5 # the network providing auth (eg, TLS/x509 certificates)
7 # - sasl: use SASL infrastructure. The actual auth scheme is then
8 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
9 +# controlled from /etc/sasl/libvirt.conf. For the TCP
10 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
11 # For non-TCP or TLS sockets, any scheme is allowed.
14 # If you don't enable SASL, then all TCP traffic is cleartext.
15 # Don't do this outside of a dev/test scenario. For real world
16 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
17 -# mechanism in /etc/sasl2/libvirt.conf
18 +# mechanism in /etc/sasl/libvirt.conf
21 # Change the authentication scheme for TLS sockets.
22 diff -ru libvirt-0.8.8/daemon/Makefile.am libvirt-0.8.8-sasl/daemon/Makefile.am
23 --- libvirt-0.8.8/daemon/Makefile.am 2011-01-31 02:30:59.000000000 +0100
24 +++ libvirt-0.8.8-sasl/daemon/Makefile.am 2011-04-28 11:45:47.703741165 +0200
26 # the WITH_LIBVIRTD conditional
29 - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
30 - $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
31 + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl/
32 + $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
35 - rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
36 - rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
37 + rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
38 + rmdir $(DESTDIR)$(sysconfdir)/sasl/ || :
42 diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug libvirt-0.8.8-sasl/daemon/test_libvirtd.aug
43 diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html
44 --- libvirt-0.8.8/docs/auth.html 2011-02-17 05:13:12.000000000 +0100
45 +++ libvirt-0.8.8-sasl/docs/auth.html 2011-04-28 11:45:43.429741167 +0200
47 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
48 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
49 username+password style authentication. To enable Kerberos single-sign-on instead,
50 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
51 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
52 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
53 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
54 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
55 diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in
56 --- libvirt-0.8.8/docs/auth.html.in 2010-12-20 14:35:22.000000000 +0100
57 +++ libvirt-0.8.8-sasl/docs/auth.html.in 2011-04-28 11:45:43.586741167 +0200
59 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
60 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
61 username+password style authentication. To enable Kerberos single-sign-on instead,
62 -the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
63 +the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>.
64 The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
65 instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
66 and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
67 diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec
68 --- libvirt-0.8.8/libvirt.spec 2011-02-17 05:13:09.000000000 +0100
69 +++ libvirt-0.8.8-sasl/libvirt.spec 2011-04-28 11:45:43.675741167 +0200
71 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
74 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
75 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
79 diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in
80 --- libvirt-0.8.8/libvirt.spec.in 2011-02-17 05:10:58.000000000 +0100
81 +++ libvirt-0.8.8-sasl/libvirt.spec.in 2011-04-28 11:45:43.672741167 +0200
83 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
86 -%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
87 +%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
91 --- libvirt-0.9.13/src/qemu/qemu.conf.orig 2012-05-31 16:23:22.000000000 +0200
92 +++ libvirt-0.9.13/src/qemu/qemu.conf 2012-07-08 11:37:16.366378718 +0200
94 # Examples include vinagre, virt-viewer and virt-manager
95 # itself. UltraVNC, RealVNC, TightVNC do not support this
97 -# It is necessary to configure /etc/sasl2/qemu.conf to choose
98 +# It is necessary to configure /etc/sasl/qemu.conf to choose
99 # the desired SASL plugin (eg, GSSPI for Kerberos)
104 -# The default SASL configuration file is located in /etc/sasl2/
105 +# The default SASL configuration file is located in /etc/sasl/
106 # When running libvirtd unprivileged, it may be desirable to
107 # override the configs in this location. Set this parameter to
108 # point to the directory, and create a qemu.conf in that location
110 -#vnc_sasl_dir = "/some/directory/sasl2"
111 +#vnc_sasl_dir = "/some/directory/sasl"
114 # QEMU implements an extension for providing audio over a VNC connection,
115 diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug
116 diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf
117 --- libvirt-0.8.8/tests/confdata/libvirtd.conf 2010-05-27 14:03:22.000000000 +0200
118 +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf 2011-04-28 11:45:46.878741165 +0200
120 # the network providing auth (eg, TLS/x509 certificates)
122 # - sasl: use SASL infrastructure. The actual auth scheme is then
123 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
124 +# controlled from /etc/sasl/libvirt.conf. For the TCP
125 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
126 # For non-TCP or TLS sockets, any scheme is allowed.
129 # If you don't enable SASL, then all TCP traffic is cleartext.
130 # Don't do this outside of a dev/test scenario. For real world
131 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
132 -# mechanism in /etc/sasl2/libvirt.conf
133 +# mechanism in /etc/sasl/libvirt.conf
136 # Change the authentication scheme for TLS sockets.
137 diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out libvirt-0.8.8-sasl/tests/confdata/libvirtd.out
138 --- libvirt-0.8.8/tests/confdata/libvirtd.out 2010-05-27 14:03:22.000000000 +0200
139 +++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out 2011-04-28 11:45:46.875741165 +0200
141 # the network providing auth (eg, TLS/x509 certificates)
143 # - sasl: use SASL infrastructure. The actual auth scheme is then
144 -# controlled from /etc/sasl2/libvirt.conf. For the TCP
145 +# controlled from /etc/sasl/libvirt.conf. For the TCP
146 # socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
147 # For non-TCP or TLS sockets, any scheme is allowed.
150 # If you don't enable SASL, then all TCP traffic is cleartext.
151 # Don't do this outside of a dev/test scenario. For real world
152 # use, always enable SASL and use the GSSAPI or DIGEST-MD5
153 -# mechanism in /etc/sasl2/libvirt.conf
154 +# mechanism in /etc/sasl/libvirt.conf
156 # Change the authentication scheme for TLS sockets.
158 diff -ru libvirt-0.8.8/tests/qemuargv2xmltest.c libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c
159 --- libvirt-0.8.8/tests/qemuargv2xmltest.c 2011-01-24 03:59:21.000000000 +0100
160 +++ libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c 2011-04-28 11:45:46.964741165 +0200
162 DO_TEST("graphics-vnc-socket");
165 - driver.vncSASLdir = strdup("/root/.sasl2");
166 + driver.vncSASLdir = strdup("/root/.sasl");
167 DO_TEST("graphics-vnc-sasl");
169 driver.vncTLSx509verify = 1;
170 diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
171 --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-02-03 15:05:31.000000000 +0100
172 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 2011-04-28 11:45:46.860741165 +0200
174 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
175 -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
176 +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
177 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
178 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
179 127.0.0.1:3,sasl -vga cirrus
180 diff -ru libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
181 --- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-02-03 15:05:31.000000000 +0100
182 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 2011-04-28 11:45:46.864741165 +0200
184 LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
185 -SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
186 +SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
187 -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
188 /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
189 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
190 diff -ru libvirt-0.8.8/tests/qemuxml2argvtest.c libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c
191 --- libvirt-0.8.8/tests/qemuxml2argvtest.c 2011-02-11 10:46:59.000000000 +0100
192 +++ libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c 2011-04-28 11:45:46.767741165 +0200
194 DO_TEST("graphics-vnc-socket", 0, false);
197 - driver.vncSASLdir = strdup("/root/.sasl2");
198 + driver.vncSASLdir = strdup("/root/.sasl");
199 DO_TEST("graphics-vnc-sasl", false, QEMU_CAPS_VGA);
201 driver.vncTLSx509verify = 1;