On Fri, Aug 17, 2018 at 07:31:03PM +0200, Marc-André Lureau wrote: > VNC server is calling sasl_server_init() during startup of QEMU, even > if SASL auth has not been enabled. > > This may create undesirable warnings like "Could not find keytab file: > /etc/qemu/krb5.tab" when the user didn't configure SASL on host and > started VNC server. > > Instead, only initialize SASL when needed. Note that HMP/QMP "change > vnc" calls vnc_display_open() again, which will initialize SASL if > needed.
I could have sworn we had a way to change the VNC auth method on the fly without restarting the whole server, but I can't find it now, so must have been imagining it :-) > > Related to: > https://bugzilla.redhat.com/show_bug.cgi?id=1609327 > > Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> > --- > ui/vnc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/ui/vnc.c b/ui/vnc.c > index 359693238b..fc507d7f36 100644 > --- a/ui/vnc.c > +++ b/ui/vnc.c > @@ -4054,7 +4054,7 @@ void vnc_display_open(const char *id, Error **errp) > trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); > > #ifdef CONFIG_VNC_SASL > - if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { > + if (sasl && ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK)) { > error_setg(errp, "Failed to initialize SASL auth: %s", > sasl_errstring(saslErr, NULL, NULL)); > goto fail; Reviewed-by: Daniel P. Berrangé <berra...@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
