Bug 634810 - No authentication after changing VNC password
Summary: No authentication after changing VNC password
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kvm
Version: 5.6
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
Depends On:
Blocks: Rhel5KvmTier2
TreeView+ depends on / blocked
Reported: 2010-09-17 04:40 UTC by Amos Kong
Modified: 2015-05-25 00:06 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-11-10 16:40:46 UTC

Attachments (Terms of Use)

Description Amos Kong 2010-09-17 04:40:39 UTC
Description of problem:
Boot up a VM and execute monitor command "change vnc password", re-connect vnc port, but there is no authentication.

Version-Release number of selected component (if applicable):
kvm version: kvm-83-193.el5

How reproducible:

Steps to Reproduce:
1. boot up a guest
2. change vnc password
3. re-connect vnc port
Actual results:
no password authentication

Expected results:
need password authentication

Additional info:

# qemu-kvm -name 'vm1' -serial unix:'/tmp/serial-20100914-202648-KKQu',server,nowait -drive file='/home/devel/autotest/client/tests/kvm/images/win7-64-virtio.qcow2',index=0,if=virtio,media=disk,cache=none,boot=on,format=qcow2 -net nic,vlan=0,model=virtio,macaddr='02:8F:F3:8D:9e:1e' -net tap,vlan=0,ifname='virtio_0_8000',script='/home/devel/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 3000 -smp 2 -drive file='/home/devel/autotest/client/tests/kvm/isos/windows/winutils.iso',media=cdrom,index=1 -cpu qemu64,+x2apic -soundhw ac97 -redir tcp:5000::10023 -vnc :0 -rtc-td-hack -M rhel5.5.0 -usbdevice tablet

Comment 1 Gerd Hoffmann 2010-11-10 16:40:46 UTC
Use '-vnc :0,password' to turn on password authentication.

Comment 2 Amos Kong 2010-11-11 04:46:43 UTC
(In reply to comment #1)
> Use '-vnc :0,password' to turn on password authentication.

Hi Hoffmann,

When I boot up guest with '-vnc :0' (without ',password') in RHEL6, the authentication also works. I'm not sure if it's normal.

Comment 3 Gerd Hoffmann 2010-11-11 09:45:06 UTC
Yes, the upstream qemu behavior has changed at some point that setting a password implicitly turns on password authentication.  RHEL-5 has the old behavior, RHEL-6 the new.

If you want a password-protected vnc session you are better explicitly say so using the password flag even in RHEL-6, otherwise there is a window (between starting qemu and setting the password) where it is possible to connect without authentication.

IMHO there is no good reason to make RHEL-5 match RHEL-6 behaviour, so I'll rather leave it as-is to avoid unpleasant surprises.

Note You need to log in before you can comment on or make changes to this bug.