Description of problem:
The help for 'vnc_password' in qemu.conf states "An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC.".
Yet if you set vnc_password="" then you can access the VNC console without any password prompt at all - just as you can if the entry is hashed out.
Version-Release number of selected component (if applicable):
libvirtd (libvirt) 0.8.3
Every time by configuration
Steps to Reproduce:
1. Create a VNC console without a password.
2. Set vnc_password="" in /etc/libvirt/qemu.conf
3. Start up a guest and access the VNC console with a client.
You get straight into the console with no prompts.
Should have come up with a prompt and rejected the access. Or the instructions in the qemu.conf file need changing to take account of the current behaviour.
Similarly if you set the passwd attribute to '' in the vnc graphics XML stanza.
This is not a libvirt bug. This is caused by a flaw in particular QEMU version you are using, which silently disables auth when the password is set to "". This bug was introduced in QEMU in this bogus commit
Author: Zachary Amsden <email@example.com>
Date: Thu Jul 30 00:15:01 2009 -1000
When using stdio monitor and VNC display, one can set or clear a VNC password; this should set or turn off VNC authentication as well.