<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_ASSIGNED "
   title="ASSIGNED - Use correct SASL service name"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=92918#c10">Comment # 10</a>
              on <a class="bz_bug_link 
          bz_status_ASSIGNED "
   title="ASSIGNED - Use correct SASL service name"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=92918">bug 92918</a>
              from <span class="vcard"><a class="email" href="mailto:mkasik@redhat.com" title="Marek Kasik <mkasik@redhat.com>"> <span class="fn">Marek Kasik</span></a>
</span></b>
        <pre>(In reply to Christophe Fergeau from <a href="show_bug.cgi?id=92918#c9">comment #9</a>)
<span class="quote">> (In reply to Marek Kasik from <a href="show_bug.cgi?id=92918#c8">comment #8</a>)
> > Thank you for pointing me there. SASL creates the path to the configuration
> > file from the "appname" passed to it which is "qemu" when running qemu (see
> > <a href="https://cgit.cyrus.foundation/cyrus-sasl/tree/lib/server.c#n653">https://cgit.cyrus.foundation/cyrus-sasl/tree/lib/server.c#n653</a>). stracing
> > qemu shows that it really opened the /etc/sasl2/qemu.conf instead of the
> > /etc/sasl2/spice.conf so it could not find the correct keytab file. Not
> > allowing the application to initialize the "appname" makes the
> > authentication working.
> 
> I don't understand what you mean by "it could not find the correct keytab
> file"? Do you refer to the keytab: /etc/qemu/krb5.tab field in
> /etc/sasl2/qemu.conf?</span >

Yes, I was referring to the line which specifies the keytab file in the sasl
service config file. 

<span class="quote">> Is there anything wrong with using this keytab file
> rather than /etc/spice/something.tab?</span >

It should be at least possible if we will create the "/etc/sasl2/spice.conf"
which can configure the keytab file.

Btw, I used FreeIPA's guide to create the keytab and the command
"ipa-getkeytab" doesn't allow me to create keytab with more than 1 principal
(see
<a href="https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Service_Principals-Creating_and_Using_Service_Principals.html</a>).</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>