Bug 667097 - vnc_password does not behave as advertised.
Summary: vnc_password does not behave as advertised.
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Veillard
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2011-01-04 12:30 UTC by Neil Wilson
Modified: 2011-01-07 14:45 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-01-07 14:45:34 UTC

Attachments (Terms of Use)

Description Neil Wilson 2011-01-04 12:30:55 UTC
Description of problem:

The help for 'vnc_password' in qemu.conf states "An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC.".

Yet if you set vnc_password="" then you can access the VNC console without any password prompt at all - just as you can if the entry is hashed out.

Version-Release number of selected component (if applicable):

libvirtd (libvirt) 0.8.3

How reproducible:

Every time by configuration

Steps to Reproduce:
1. Create a VNC console without a password.
2. Set vnc_password="" in /etc/libvirt/qemu.conf
3. Start up a guest and access the VNC console with a client. 
Actual results:

You get straight into the console with no prompts.

Expected results:

Should have come up with a prompt and rejected the access. Or the instructions in the qemu.conf file need changing to take account of the current behaviour.

Additional info:

Comment 1 Neil Wilson 2011-01-04 12:48:32 UTC
Similarly if you set the passwd attribute to '' in the vnc graphics XML stanza.

Comment 2 Daniel Berrangé 2011-01-07 14:45:34 UTC
This is not a libvirt bug. This is caused by a flaw in particular QEMU version you are using, which silently disables auth when the password is set to "". This bug was introduced in QEMU in this bogus commit

commit 52c18be9e99dabe295321153fda7fce9f76647ac
Author: Zachary Amsden <zamsden@redhat.com>
Date:   Thu Jul 30 00:15:01 2009 -1000

    When using stdio monitor and VNC display, one can set or clear a VNC password; this should set or turn off VNC authentication as well.

Note You need to log in before you can comment on or make changes to this bug.