From 68d08cf2f20099a78358cf11b2131752602ddbd0 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Wed, 1 Apr 2020 20:46:37 +0200
Subject: [PATCH] remote: Drop KRB5_KTNAME override
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When the comment in libvirtd.sasl was last updated with

  commit fe772f24a6809b3d937ed6547cbaa9d820e514b6
  Author: Cole Robinson <crobinso@redhat.com>
  Date:   Sat Oct 20 14:10:03 2012 -0400

    daemon: Avoid 'Could not find keytab file' in syslog

it was noted that only old versions of kerberos would need the
environment variable to be set: that was more than seven years
ago, so it's safe to assume that none of our current target
platforms still requires that hack and setting the appropriate
key in the configuration file will be enough.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/remote/libvirtd.init.in   | 1 -
 src/remote/libvirtd.sasl      | 4 +---
 src/remote/libvirtd.sysconf   | 3 ---
 src/remote/virtproxyd.init.in | 1 -
 4 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/remote/libvirtd.init.in b/src/remote/libvirtd.init.in
index b708befbc5..91228db411 100644
--- a/src/remote/libvirtd.init.in
+++ b/src/remote/libvirtd.init.in
@@ -7,7 +7,6 @@ LIBVIRTD_TIMEOUT=${LIBVIRTD_TERMTIMEOUT:-"TERM/25/KILL/5"}
 
 command="@sbindir@/libvirtd"
 command_args="-d ${LIBVIRTD_OPTS}"
-start_stop_daemon_args="--env KRB5_KTNAME=/etc/libvirt/krb5.tab"
 pidfile="@runstatedir@/libvirtd.pid"
 retry="${LIBVIRTD_TERMTIMEOUT}"
 
diff --git a/src/remote/libvirtd.sasl b/src/remote/libvirtd.sasl
index 9e7699c75a..7a45470a9d 100644
--- a/src/remote/libvirtd.sasl
+++ b/src/remote/libvirtd.sasl
@@ -33,9 +33,7 @@ mech_list: gssapi
 #   qemu+tcp://hostname/system?auth=sasl.gssapi
 #mech_list: scram-sha-1 gssapi
 
-# Some older builds of MIT kerberos on Linux ignore this option &
-# instead need KRB5_KTNAME env var.
-# For modern Linux, and other OS, this should be sufficient
+# File containing the service principal for libvirtd
 #
 keytab: /etc/libvirt/krb5.tab
 
diff --git a/src/remote/libvirtd.sysconf b/src/remote/libvirtd.sysconf
index ee9db22bab..18aec1ba67 100644
--- a/src/remote/libvirtd.sysconf
+++ b/src/remote/libvirtd.sysconf
@@ -11,9 +11,6 @@ LIBVIRTD_ARGS="--timeout 120"
 # can be used to listen on TCP/TLS sockets
 #LIBVIRTD_ARGS="--listen"
 
-# Override Kerberos service keytab for SASL/GSSAPI
-#KRB5_KTNAME=/etc/libvirt/krb5.tab
-
 # Override the QEMU/SDL default audio driver probing when
 # starting virtual machines using SDL graphics
 #
diff --git a/src/remote/virtproxyd.init.in b/src/remote/virtproxyd.init.in
index b644c084a9..436b2b6c0d 100644
--- a/src/remote/virtproxyd.init.in
+++ b/src/remote/virtproxyd.init.in
@@ -7,7 +7,6 @@ VIRTPROXYD_TIMEOUT=${VIRTPROXYD_TERMTIMEOUT:-"TERM/25/KILL/5"}
 
 command="@sbindir@/virtproxyd"
 command_args="-d ${VIRTPROXYD_OPTS}"
-start_stop_daemon_args="--env KRB5_KTNAME=/etc/libvirt/krb5.tab"
 pidfile="@runstatedir@/virtproxyd.pid"
 retry="${VIRTPROXYD_TERMTIMEOUT}"