Red Hat Bugzilla – Bug 634810
No authentication after changing VNC password
Last modified: 2015-05-24 20:06:01 EDT
Description of problem:
Boot up a VM and execute monitor command "change vnc password", re-connect vnc port, but there is no authentication.
Version-Release number of selected component (if applicable):
kvm version: kvm-83-193.el5
Steps to Reproduce:
1. boot up a guest
2. change vnc password
3. re-connect vnc port
no password authentication
need password authentication
# qemu-kvm -name 'vm1' -serial unix:'/tmp/serial-20100914-202648-KKQu',server,nowait -drive file='/home/devel/autotest/client/tests/kvm/images/win7-64-virtio.qcow2',index=0,if=virtio,media=disk,cache=none,boot=on,format=qcow2 -net nic,vlan=0,model=virtio,macaddr='02:8F:F3:8D:9e:1e' -net tap,vlan=0,ifname='virtio_0_8000',script='/home/devel/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 3000 -smp 2 -drive file='/home/devel/autotest/client/tests/kvm/isos/windows/winutils.iso',media=cdrom,index=1 -cpu qemu64,+x2apic -soundhw ac97 -redir tcp:5000::10023 -vnc :0 -rtc-td-hack -M rhel5.5.0 -usbdevice tablet
Use '-vnc :0,password' to turn on password authentication.
(In reply to comment #1)
> Use '-vnc :0,password' to turn on password authentication.
When I boot up guest with '-vnc :0' (without ',password') in RHEL6, the authentication also works. I'm not sure if it's normal.
Yes, the upstream qemu behavior has changed at some point that setting a password implicitly turns on password authentication. RHEL-5 has the old behavior, RHEL-6 the new.
If you want a password-protected vnc session you are better explicitly say so using the password flag even in RHEL-6, otherwise there is a window (between starting qemu and setting the password) where it is possible to connect without authentication.
IMHO there is no good reason to make RHEL-5 match RHEL-6 behaviour, so I'll rather leave it as-is to avoid unpleasant surprises.