Description of problem: The help for 'vnc_password' in qemu.conf states "An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC.". Yet if you set vnc_password="" then you can access the VNC console without any password prompt at all - just as you can if the entry is hashed out. Version-Release number of selected component (if applicable): libvirtd (libvirt) 0.8.3 How reproducible: Every time by configuration Steps to Reproduce: 1. Create a VNC console without a password. 2. Set vnc_password="" in /etc/libvirt/qemu.conf 3. Start up a guest and access the VNC console with a client. Actual results: You get straight into the console with no prompts. Expected results: Should have come up with a prompt and rejected the access. Or the instructions in the qemu.conf file need changing to take account of the current behaviour. Additional info:
Similarly if you set the passwd attribute to '' in the vnc graphics XML stanza.
This is not a libvirt bug. This is caused by a flaw in particular QEMU version you are using, which silently disables auth when the password is set to "". This bug was introduced in QEMU in this bogus commit commit 52c18be9e99dabe295321153fda7fce9f76647ac Author: Zachary Amsden <zamsden> Date: Thu Jul 30 00:15:01 2009 -1000 When using stdio monitor and VNC display, one can set or clear a VNC password; this should set or turn off VNC authentication as well.