qemu.conf claims: # The default VNC password. Only 8 letters are significant for # VNC passwords. This parameter is only used if the per-domain # XML config does not already provide a password. To allow # access without passwords, leave this commented out. # An empty # string will still enable passwords, but be rejected by QEMU, # effectively preventing any use of VNC. => This seems to be wrong, and empty string "" leads to an empty password being accepted. For spice_password it works however as described. # Obviously change this # example here before you set this. As long as VNC/SPICE cannot be used via UNIX sockets, you should really allow disabling either of both completely for security reasons. Cheers, Chris.
*** This bug has been marked as a duplicate of bug 1180092 ***