Bug 337163 - dev-libs/cyrus-sasl should honor the keytab: setting in /etc/sasl2/service.conf file
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: All Linux
Importance: High normal
Assignee: Net-Mail Packages
Reported: 2010-09-13 21:13 UTC by Georgi Georgiev
Modified: 2011-05-10 19:32 UTC

Attachments
cyrus-sasl-2.1.21-keytab.patch (cyrus-sasl-2.1.21-keytab.patch,1.43 KB, patch)
2010-09-13 21:15 UTC, Georgi Georgiev
cyrus-sasl-2.1.23-r1.ebuild.patch (patch.txt,635 bytes, patch)
2010-09-13 21:17 UTC, Georgi Georgiev

Description Georgi Georgiev 2010-09-13 21:13:16 UTC
Any version of dev-libs/cyrus-sasl in the tree fails to use the proper keytab name as set in /etc/sasl2/service.conf, when cyrus-sasl is compiled with mit-krb5 support. I suspect this does not happen with heimdal but I have not tested it.

Reproducible: Always

Steps to Reproduce:
1. Install libvirt with sasl and kerberos enabled globally
2. Configure libvirt to use sasl for authentication. Set these in libvirtd.conf: auth_tcp = "sasl", listen_tls = 0, listen_tcp = 1
3. Enable kerberos in /etc/sasl2/libvirt.conf: mech_list: gssapi; keytab: /etc/libvirt/krb5.tab
4. Start libvirtd *manually* (the init script sets KRB5_KTNAME which completely overrides the other setting in the sasl config file). sudo /usr/sbin/libvirtd --daemon
5. Of course, make sure you have a libvirt/$(hostname -f) keytab in /etc/libvirt/krb5.tab
6. Try to connect to the instance with "virsh -c qemu+tcp://$HOSTNAME/system list"
virsh -c qemu+tcp://$HOSTNAME/system

Actual Results:  
> virsh -c qemu+tcp://$HOSTNAME/system list
error: authentication failed
error: failed to connect to the hypervisor

Expected Results:  
> virsh -c qemu+tcp://$HOSTNAME/system list 
 Id Name                 State
----------------------------------



There is already a patch available that is applied in Fedora. I tried adding it to the dev-libs/cyrus-sasl-2.1.23-r1 ebuild and it works flawlessly.

I demonstrated one issue I had with libvirt but it has an easy workaround - setting the environment variable KRB5_KTNAME in the init script. However, when configuring sasl and kerberos for qemu, this becomes a real problem, since the environment variables passed to qemu are decided by the libvirt daemon.
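
Added example, not part of the original report and not code from cyrus-sasl or libvirt: a shell check that reads a SASL service config and reports which keytab would be in effect, following the precedence described above (KRB5_KTNAME overrides the keytab: option). The function names, the /etc/krb5.keytab fallback (assumed MIT default) and the demo files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the bug report or from cyrus-sasl.

# sasl_opt FILE KEY: print the value of the last "KEY: value" line in FILE.
sasl_opt() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# effective_keytab FILE: print "<source> <path>" for the keytab in effect.
# KRB5_KTNAME wins (the override the report describes), then the keytab:
# option (honoured only by a patched build), then /etc/krb5.keytab, which
# is assumed here as the MIT default.
effective_keytab() {
    kt=$(sasl_opt "$1" keytab)
    if [ -n "${KRB5_KTNAME:-}" ]; then
        echo "env ${KRB5_KTNAME#FILE:}"
    elif [ -n "$kt" ]; then
        echo "conf $kt"
    else
        echo "default /etc/krb5.keytab"
    fi
}

# check_service FILE: 0 = gssapi enabled and keytab readable,
# 1 = keytab missing or unreadable, 2 = gssapi not in mech_list.
check_service() {
    case " $(sasl_opt "$1" mech_list | tr 'A-Z' 'a-z') " in
        *" gssapi "*) ;;
        *) echo "$1: gssapi not in mech_list"; return 2 ;;
    esac
    res=$(effective_keytab "$1")
    echo "$1: keytab from ${res%% *}: ${res#* }"
    [ -f "${res#* }" ] && [ -r "${res#* }" ]
}

# Constructed demo: a config like step 3 and an empty stand-in keytab.
demo=$(mktemp -d)
: > "$demo/krb5.tab"
printf 'mech_list: gssapi\nkeytab: %s\n' "$demo/krb5.tab" > "$demo/libvirt.conf"
( unset KRB5_KTNAME; check_service "$demo/libvirt.conf" )
( KRB5_KTNAME=/nonexistent/init.keytab; check_service "$demo/libvirt.conf" ) ||
    echo "  KRB5_KTNAME overrides the config and points at a missing file"
rm -rf "$demo"
```

Running it against a real /etc/sasl2/<service>.conf from the service's own environment shows whether an inherited KRB5_KTNAME is masking the keytab: line.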
Comment 1 Georgi Georgiev 2010-09-13 21:15:01 UTC
Created attachment 247177
cyrus-sasl-2.1.21-keytab.patch

The patch from Fedora. Original posted here: http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg115814.html
Comment 2 Georgi Georgiev 2010-09-13 21:17:13 UTC
Created attachment 247178
cyrus-sasl-2.1.23-r1.ebuild.patch

A patch for the ebuild to apply the keytab patch.
Comment 3 Eray Aslan gentoo-dev 2011-05-10 19:32:50 UTC
+*cyrus-sasl-2.1.23-r4 (10 May 2011)
+
+  10 May 2011; Eray Aslan <eras@gentoo.org>
+  +files/cyrus-sasl-2.1.21-keytab.patch, +cyrus-sasl-2.1.23-r4.ebuild:
+  Add kerberos keytab support - bug 337163. Thanks to Georgi Georgiev.
+
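Review bot: the entry line "Add kerberos keytab support - bug 337163" does not say that the file being added, files/cyrus-sasl-2.1.21-keytab.patch, is a 2.1.21-named patch applied to the new 2.1.23-r4 ebuild, nor where that patch comes from. Stating the patch's origin and the configuration option it affects in the ChangeLog entry would make this revision bump easier to audit later.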