I've noticed the behavior described by this LSN with libvirt+Xen. Config containing <graphics type='vnc' passwd=''/> allows any client to connect with no authentication check. I asked about this on the Xen security list and was told that "libxl interprets an empty password in the caller's configuration to mean that passwordless access should be permitted". The libvirt domXML docs are not clear on semantics of empty vnc password, only stating "The passwd attribute provides a VNC password in clear text". Should the libvirt domXML vnc passwd documentation be amended to define the semantics of an empty string in the passwd attribute? Is the behavior hypervisor-dependent as the documentation in qemu.conf suggests? Regards, Jim -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list