Package: libvirt Version: 0.8.3-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch
The sasl system in Debian uses /etc/sasl as the first directory on the path with /usr/lib/sasl2 as the second. It doesn't look in /etc/sasl2. The attached patch to the Ubuntu version of the package changes the relevant references to /etc/sasl2 to /etc/sasl so that sasl will pick up the configuration correctly. *** /tmp/tmpMEGO91 In Ubuntu, we've applied the attached patch to achieve the following: * debian/patches/9024-fix-sasl-config-directory.patch: Ensure that references to SASL configuration files mention /etc/sasl and example configurations go into that directory (LP: #546745) We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers maverick-updates APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-23-generic (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru libvirt-0.8.5/debian/changelog libvirt-0.8.5/debian/changelog diff -Nru libvirt-0.8.5/debian/libvirt-bin.install libvirt-0.8.5/debian/libvirt-bin.install --- libvirt-0.8.5/debian/libvirt-bin.install 2010-11-12 16:36:02.000000000 +0000 +++ libvirt-0.8.5/debian/libvirt-bin.install 2010-12-24 14:54:59.000000000 +0000 @@ -5,7 +5,7 @@ etc/apparmor.d/usr.lib.libvirt.virt-aa-helper etc/apparmor.d/usr.sbin.libvirtd etc/libvirt/* -etc/sasl2/* +etc/sasl2/* etc/sasl usr/share/polkit-1/* usr/lib/libvirt/* usr/share/augeas/* diff -Nru libvirt-0.8.5/debian/patches/9024-fix-sasl-config-directory.patch libvirt-0.8.5/debian/patches/9024-fix-sasl-config-directory.patch --- libvirt-0.8.5/debian/patches/9024-fix-sasl-config-directory.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvirt-0.8.5/debian/patches/9024-fix-sasl-config-directory.patch 2010-12-24 14:52:38.000000000 +0000 @@ -0,0 +1,63 @@ +## Description: add some description +## Origin/Author: add some origin or author +## Bug: bug URL +--- a/daemon/libvirtd.conf ++++ b/daemon/libvirtd.conf +@@ -111,7 +111,7 @@ + # the network providing auth (eg, TLS/x509 certificates) + # + # - sasl: use SASL infrastructure. The actual auth scheme is then +-# controlled from /etc/sasl2/libvirt.conf. For the TCP ++# controlled from /etc/sasl/libvirt.conf. For the TCP + # socket only GSSAPI & DIGEST-MD5 mechanisms will be used. + # For non-TCP or TLS sockets, any scheme is allowed. + # +@@ -142,7 +142,7 @@ + # If you don't enable SASL, then all TCP traffic is cleartext. + # Don't do this outside of a dev/test scenario. For real world + # use, always enable SASL and use the GSSAPI or DIGEST-MD5 +-# mechanism in /etc/sasl2/libvirt.conf ++# mechanism in /etc/sasl/libvirt.conf + #auth_tcp = "sasl" + + # Change the authentication scheme for TLS sockets. +--- a/docs/auth.html ++++ b/docs/auth.html +@@ -261,7 +261,7 @@ + The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. + The SASL mechanism configured by default is DIGEST-MD5, which provides a basic + username+password style authentication. To enable Kerberos single-sign-on instead, +-the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>. ++the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>. + The <code>mech_list</code> parameter must first be changed to <code>gssapi</code> + instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX + and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos +--- a/docs/auth.html.in ++++ b/docs/auth.html.in +@@ -115,7 +115,7 @@ + The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. + The SASL mechanism configured by default is DIGEST-MD5, which provides a basic + username+password style authentication. To enable Kerberos single-sign-on instead, +-the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>. ++the libvirt SASL configuration file must be changed. This is <code>/etc/sasl/libvirt.conf</code>. + The <code>mech_list</code> parameter must first be changed to <code>gssapi</code> + instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX + and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos +--- a/src/qemu/qemu.conf ++++ b/src/qemu/qemu.conf +@@ -65,13 +65,13 @@ + # Examples include vinagre, virt-viewer and virt-manager + # itself. UltraVNC, RealVNC, TightVNC do not support this + # +-# It is necessary to configure /etc/sasl2/qemu.conf to choose ++# It is necessary to configure /etc/sasl/qemu.conf to choose + # the desired SASL plugin (eg, GSSPI for Kerberos) + # + # vnc_sasl = 1 + + +-# The default SASL configuration file is located in /etc/sasl2/ ++# The default SASL configuration file is located in /etc/sasl/ + # When running libvirtd unprivileged, it may be desirable to + # override the configs in this location. Set this parameter to + # point to the directory, and create a qemu.conf in that location diff -Nru libvirt-0.8.5/debian/patches/series libvirt-0.8.5/debian/patches/series --- libvirt-0.8.5/debian/patches/series 2010-11-16 20:12:55.000000000 +0000 +++ libvirt-0.8.5/debian/patches/series 2010-12-24 14:48:36.000000000 +0000 @@ -20,3 +20,4 @@ 9021-fix-uint64_t.patch 9022-build-cleanup-declaration-of-xen-tests.patch 9023-vah-require-uuid.patch +9024-fix-sasl-config-directory.patch
