Bug 634810 - No authentication after changing VNC password
No authentication after changing VNC password
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kvm (Show other bugs)
5.6
All Linux
medium Severity high
: rc
: ---
Assigned To: Gerd Hoffmann
Virtualization Bugs
:
Depends On:
Blocks: Rhel5KvmTier2
  Show dependency treegraph
 
Reported: 2010-09-17 00:40 EDT by Amos Kong
Modified: 2015-05-24 20:06 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-10 11:40:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Amos Kong 2010-09-17 00:40:39 EDT
Description of problem:
Boot up a VM and execute monitor command "change vnc password", re-connect vnc port, but there is no authentication.

Version-Release number of selected component (if applicable):
kvm version: kvm-83-193.el5

How reproducible:
100%

Steps to Reproduce:
1. boot up a guest
2. change vnc password
3. re-connect vnc port
  
Actual results:
no password authentication

Expected results:
need password authentication

Additional info:

# qemu-kvm -name 'vm1' -serial unix:'/tmp/serial-20100914-202648-KKQu',server,nowait -drive file='/home/devel/autotest/client/tests/kvm/images/win7-64-virtio.qcow2',index=0,if=virtio,media=disk,cache=none,boot=on,format=qcow2 -net nic,vlan=0,model=virtio,macaddr='02:8F:F3:8D:9e:1e' -net tap,vlan=0,ifname='virtio_0_8000',script='/home/devel/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 3000 -smp 2 -drive file='/home/devel/autotest/client/tests/kvm/isos/windows/winutils.iso',media=cdrom,index=1 -cpu qemu64,+x2apic -soundhw ac97 -redir tcp:5000::10023 -vnc :0 -rtc-td-hack -M rhel5.5.0 -usbdevice tablet
Comment 1 Gerd Hoffmann 2010-11-10 11:40:46 EST
Use '-vnc :0,password' to turn on password authentication.
Comment 2 Amos Kong 2010-11-10 23:46:43 EST
(In reply to comment #1)
> Use '-vnc :0,password' to turn on password authentication.

Hi Hoffmann,

When I boot up guest with '-vnc :0' (without ',password') in RHEL6, the authentication also works. I'm not sure if it's normal.
Comment 3 Gerd Hoffmann 2010-11-11 04:45:06 EST
Yes, the upstream qemu behavior has changed at some point that setting a password implicitly turns on password authentication.  RHEL-5 has the old behavior, RHEL-6 the new.

If you want a password-protected vnc session you are better explicitly say so using the password flag even in RHEL-6, otherwise there is a window (between starting qemu and setting the password) where it is possible to connect without authentication.

IMHO there is no good reason to make RHEL-5 match RHEL-6 behaviour, so I'll rather leave it as-is to avoid unpleasant surprises.

Note You need to log in before you can comment on or make changes to this bug.