Bug 634810

Summary: No authentication after changing VNC password
Product: Red Hat Enterprise Linux 5 Reporter: Amos Kong <akong>
Component: kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED NOTABUG QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: medium    
Version: 5.6CC: ailan, mkenneth, virt-maint, ykaul
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-10 16:40:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 580948    

Description Amos Kong 2010-09-17 04:40:39 UTC 
Description of problem:
Boot up a VM and execute monitor command "change vnc password", re-connect vnc port, but there is no authentication.

Version-Release number of selected component (if applicable):
kvm version: kvm-83-193.el5

How reproducible:
100%

Steps to Reproduce:
1. boot up a guest
2. change vnc password
3. re-connect vnc port
  
Actual results:
no password authentication

Expected results:
need password authentication

Additional info:

# qemu-kvm -name 'vm1' -serial unix:'/tmp/serial-20100914-202648-KKQu',server,nowait -drive file='/home/devel/autotest/client/tests/kvm/images/win7-64-virtio.qcow2',index=0,if=virtio,media=disk,cache=none,boot=on,format=qcow2 -net nic,vlan=0,model=virtio,macaddr='02:8F:F3:8D:9e:1e' -net tap,vlan=0,ifname='virtio_0_8000',script='/home/devel/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 3000 -smp 2 -drive file='/home/devel/autotest/client/tests/kvm/isos/windows/winutils.iso',media=cdrom,index=1 -cpu qemu64,+x2apic -soundhw ac97 -redir tcp:5000::10023 -vnc :0 -rtc-td-hack -M rhel5.5.0 -usbdevice tablet
Comment 1 Gerd Hoffmann 2010-11-10 16:40:46 UTC 
Use '-vnc :0,password' to turn on password authentication.
Comment 2 Amos Kong 2010-11-11 04:46:43 UTC 
(In reply to comment #1)
> Use '-vnc :0,password' to turn on password authentication.

Hi Hoffmann,

When I boot up guest with '-vnc :0' (without ',password') in RHEL6, the authentication also works. I'm not sure if it's normal.
Comment 3 Gerd Hoffmann 2010-11-11 09:45:06 UTC 
Yes, the upstream qemu behavior has changed at some point that setting a password implicitly turns on password authentication.  RHEL-5 has the old behavior, RHEL-6 the new.

If you want a password-protected vnc session you are better explicitly say so using the password flag even in RHEL-6, otherwise there is a window (between starting qemu and setting the password) where it is possible to connect without authentication.

IMHO there is no good reason to make RHEL-5 match RHEL-6 behaviour, so I'll rather leave it as-is to avoid unpleasant surprises.