diff --git a/.gitignore b/.gitignore
index 0780546914..7d24dc3f5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,6 +158,7 @@
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/remote/*_stubs.h
+/src/remote/libvirtd.conf
 /src/remote/test_libvirtd.aug
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
diff --git a/src/remote/Makefile.inc.am b/src/remote/Makefile.inc.am
index a77b59a171..d7e614c476 100644
--- a/src/remote/Makefile.inc.am
+++ b/src/remote/Makefile.inc.am
@@ -76,7 +76,7 @@ EXTRA_DIST += \
 	$(LIBVIRTD_SOURCES) \
 	remote/test_libvirtd.aug.in \
 	remote/libvirtd.aug \
-	remote/libvirtd.conf \
+	remote/libvirtd.conf.in \
 	remote/libvirtd.policy \
 	remote/libvirtd.rules \
 	remote/libvirtd.sasl \
@@ -93,6 +93,9 @@ MAINTAINERCLEANFILES += \
 	$(REMOTE_DRIVER_GENERATED) \
 	$(LIBVIRTD_GENERATED) \
 	$(NULL)
+CLEANFILES += \
+	remote/libvirtd.conf \
+	$(NULL)
 
 if WITH_REMOTE
 noinst_LTLIBRARIES += libvirt_driver_remote.la
@@ -128,7 +131,7 @@ augeas_DATA += remote/libvirtd.aug
 
 augeastest_DATA += remote/test_libvirtd.aug
 
-conf_DATA += remote/libvirtd.conf
+nodist_conf_DATA += remote/libvirtd.conf
 
 man8_MANS += libvirtd.8
 
@@ -179,6 +182,13 @@ libvirtd_LDADD += \
 	$(LIBSOCKET) \
 	$(NULL)
 
+remote/libvirtd.conf: remote/libvirtd.conf.in
+	$(AM_V_GEN)$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/d' \
+		-e '/[@]END[@]/d' \
+		-e 's|[@]DAEMON_NAME[@]|libvirtd|' \
+		$< > $@
+
 INSTALL_DATA_DIRS += remote
 
 install-data-remote:
@@ -189,7 +199,7 @@ uninstall-data-remote:
 
 remote/test_libvirtd.aug: remote/test_libvirtd.aug.in \
 		remote/libvirtd.conf $(AUG_GENTEST)
-	$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/remote/libvirtd.conf $< > $@
+	$(AM_V_GEN)$(AUG_GENTEST) remote/libvirtd.conf $< > $@
 
 if WITH_SYSCTL
 # Use $(prefix)/lib rather than $(libdir), since man sysctl.d insists on
diff --git a/src/remote/libvirtd.conf b/src/remote/libvirtd.conf.in
similarity index 95%
rename from src/remote/libvirtd.conf
rename to src/remote/libvirtd.conf.in
index b63b8d61b7..e351a8c190 100644
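Review bot: The `s|[@]DAEMON_NAME[@]|libvirtd|` expression in the new `remote/libvirtd.conf` rule has no `g` flag, so any template line that mentions `@DAEMON_NAME@` twice would ship with the second occurrence unexpanded in the installed default config; the lines visible in this patch use it once each, but `-e 's|[@]DAEMON_NAME[@]|libvirtd|g'` costs nothing and closes the trap. The output is also written straight to `$@`, so a `$(SED)` failure leaves a truncated `remote/libvirtd.conf` with a fresh mtime that later runs treat as up to date and `nodist_conf_DATA` would install; `$< > $@.tmp && mv $@.tmp $@` avoids that. A one-line comment above the rule would help readers of the sed script: `# libvirtd keeps the IP/TLS sections: only the @CUT_ENABLE_IP@/@END@ marker lines are removed`.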
--- a/src/remote/libvirtd.conf +++ b/src/remote/libvirtd.conf.in @@ -1,13 +1,14 @@ # Master libvirt daemon configuration file # +@CUT_ENABLE_IP@ ################################################################# # # Network connectivity controls # # Flag listening for secure TLS connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -20,7 +21,7 @@ #listen_tls = 0 # Listen for unencrypted TCP connections on the public TCP/IP port. -# NB, must pass the --listen flag to the libvirtd process for this to +# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to # have any effect. # # This setting is not required or honoured if using systemd socket @@ -58,13 +59,14 @@ # This setting is not required or honoured if using systemd socket # activation. # -# If the libvirtd service is started in parallel with network +# If the @DAEMON_NAME@ service is started in parallel with network # startup (e.g. with systemd), binding to addresses other than # the wildcards (0.0.0.0/::) might not be available yet. # #listen_addr = "192.168.0.1" +@END@ ################################################################# # # UNIX socket access controls @@ -157,6 +159,7 @@ # If the unix_sock_rw_perms are changed you may wish to enable # an authentication mechanism here #auth_unix_rw = "none" +@CUT_ENABLE_IP@ # Change the authentication scheme for TCP sockets. # @@ -174,6 +177,7 @@ # It is possible to make use of any SASL authentication # mechanism as well, by using 'sasl' for this option #auth_tls = "none" +@END@ # Change the API access control scheme 
@@ -182,10 +186,11 @@ # to all APIs. Access drivers can place restrictions # on this. By default the 'nop' driver is enabled, # meaning no access control checks are done once a -# client has authenticated with libvirtd +# client has authenticated with @DAEMON_NAME@ # #access_drivers = [ "polkit" ] +@CUT_ENABLE_IP@ ################################################################# # # TLS x509 certificate configuration @@ -225,15 +230,17 @@ +@END@ ################################################################# # # Authorization controls # +@CUT_ENABLE_IP@ # Flag to disable verification of our own server certificates # -# When libvirtd starts it performs some sanity checks against +# When @DAEMON_NAME@ starts it performs some sanity checks against # its own certificates. # # Default is to always run sanity checks. Uncommenting this @@ -265,6 +272,15 @@ #tls_allowed_dn_list = ["DN1", "DN2"] +# Override the compile time default TLS priority string. The +# default is usually "NORMAL" unless overridden at build time. +# Only set this is it is desired for libvirt to deviate from +# the global default settings. +# +#tls_priority="NORMAL" + + +@END@ # A whitelist of allowed SASL usernames. The format for username # depends on the SASL authentication mechanism. Kerberos usernames # look like username@REALM @@ -282,14 +298,6 @@ #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] -# Override the compile time default TLS priority string. The -# default is usually "NORMAL" unless overridden at build time. -# Only set this is it is desired for libvirt to deviate from -# the global default settings. -# -#tls_priority="NORMAL" - - ################################################################# # # Processing controls 
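Review bot: The relocated tls_priority comment block in the `@@ -265,6 +272,15 @@` hunk carries its old typo onto the new side, `# Only set this is it is desired for libvirt to deviate from`; since the lines are being moved anyway, this is the moment to write `# Only set this if it is desired for libvirt to deviate from`. The same text is removed unchanged in the `@@ -282,14 +298,6 @@` hunk, so nothing else needs to follow.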
@@ -417,8 +425,8 @@ # 4: ERROR # # Multiple outputs can be defined, they just need to be separated by spaces. -# e.g. to log all warnings and errors to syslog under the libvirtd ident: -#log_outputs="3:syslog:libvirtd" +# e.g. to log all warnings and errors to syslog under the @DAEMON_NAME@ ident: +#log_outputs="3:syslog:@DAEMON_NAME@" ################################################################## @@ -461,7 +469,7 @@ ################################################################### # Keepalive protocol: -# This allows libvirtd to detect broken client connections or even +# This allows @DAEMON_NAME@ to detect broken client connections or even # dead clients. A keepalive message is sent to a client after # keepalive_interval seconds of inactivity to check if the client is # still responding; keepalive_count is a maximum number of keepalive @@ -470,7 +478,7 @@ # words, the connection is automatically closed approximately after # keepalive_interval * (keepalive_count + 1) seconds since the last # message received from the client. If keepalive_interval is set to -# -1, libvirtd will never send keepalive requests; however clients +# -1, @DAEMON_NAME@ will never send keepalive requests; however clients # can still send them and the daemon will send responses. When # keepalive_count is set to 0, connections will be automatically # closed after keepalive_interval seconds of inactivity without diff --git a/src/remote/test_libvirtd.aug.in b/src/remote/test_libvirtd.aug.in index 6c51b7b9e7..d768b30b55 100644 --- a/src/remote/test_libvirtd.aug.in +++ b/src/remote/test_libvirtd.aug.in @@ -29,11 +29,11 @@ module Test_libvirtd = { "1" = "DN1"} { "2" = "DN2"} } + { "tls_priority" = "NORMAL" } { "sasl_allowed_username_list" { "1" = "joe@EXAMPLE.COM" } { "2" = "fred@EXAMPLE.COM" } } - { "tls_priority" = "NORMAL" } { "max_clients" = "5000" } { "max_queued_clients" = "1000" } { "max_anonymous_clients" = "20" }