Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-93573

x0vncserver on RHEL 9.6 can no longer auth from passwordfile

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-9.7
    • rhel-9.6.z
    • tigervnc
    • None
    • tigervnc-1.15.0-4.el9
    • Yes
    • Important
    • ZStream
    • 2
    • rhel-display-applications
    • ssg_display
    • 14
    • 16
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Display - Sprint 4/2025, Display - Sprint 5/2025
    • Approved Blocker
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      x0vncserver auth no longer working after upgrade from RHEL 9.4 EUS to RHEL 9.6 EUS.

      What is the impact of this issue to you?

      Was no longer able to start an RDP session for seat0. This has worked just fine since the RHEL8 times.

      Please provide the package NVR for which the bug is seen:

      I am not sure the issue is the actual tigervnc rpm. It might be a side effect of a library update.

      How reproducible is this bug?:

      Had is happen on all my freshly upgraded RHEL 9.6 EUS hosts.

      all hosts were previously on RHEL 9.4 EUS with kernel-5.14.0-427.68.2.el9_4.x86_64.

      All hosts were upgraded to RHEL 9.6 EUS with kernel kernel-5.14.0-570.17.1.el9_6.x86_64 on May 25th 2025.

      After that, VNC auth using x0vncserver no longer worked.

      Steps to reproduce

      1. create a vnc password for your user, e,g: vncpasswd
      2. start the vnc server with the password, e.g:
         /usr/bin/x0vncserver -rfbport 5891 -rfbauth /export/home/raistlin/.vnc/passwd or
        /usr/bin/x0vncserver -rfbport 5891 -PasswordFile /export/home/raistlin/.vnc/passwd -SecurityTypes VncAuth,None,Plain,TLSNone,TLSVnc -PlainUsers raistlin -Log "*:stderr:100"

       

      On RHEL 9.6, this was reporting:

       

       SConnection: processing security type message
 SConnection: Client requests security type VeNCrypt(19)
 SConnection: processing security message
 SConnection: processing security message
 SConnection: processing security message
 SVeNCrypt:   Client requests security type TLSVnc (258)
 TLS:         Process security message (session (nil))
 TLS:         Anonymous session has been set
 TLS:         Deferring completion of TLS handshake: Resource temporarily
              unavailable, try again.
 SConnection: processing security message
 TLS:         Process security message (session 0x55c3a4acf0e0)
 TLS:         Deferring completion of TLS handshake: Resource temporarily
              unavailable, try again.
 SConnection: processing security message
 TLS:         Process security message (session 0x55c3a4acf0e0)
 TLS:         TLS handshake completed with (TLS1.2)-(ANON-DH)-(AES-256-GCM)
Mon May 26 13:47:36 2025
 SConnection: processing security message
 SVncAuth:    reading password file
 VNCServerST: starting desktop
 XDesktop:    Enabling 8 buttons of X pointer device
 XDesktop:    Allocated shared memory image
 XDesktop:    Detected screen layout:
 XDesktop:    1 screen(s)
 XDesktop:        1804289383 (0x6b8b4567): 3840x2160+0+0 (flags 0x00000000)
 XDesktop:    
Mon May 26 13:47:47 2025
 VNCSConnST:  closing 10.0.129.244::45706: Authentication failure: Connection
              rejected by local user
 EncodeManager: Framebuffer updates: 0
 EncodeManager:   Total: 0 rects, 0 pixels

 

      Expected results

      A successful connection looks like this:

       

       SConnection: Client requests security type VeNCrypt(19)
 SConnection: Processing security message
 SConnection: Processing security message
 SConnection: Processing security message
 SVeNCrypt:   Client requests security type TLSVnc (258)
 TLS:         Process security message (session (nil))
 TLS:         Anonymous session has been set
 TLS:         Deferring completion of TLS handshake: Resource temporarily
              unavailable, try again.
 SConnection: Processing security message
 TLS:         Process security message (session 0x5583f14325c0)
 TLS:         Deferring completion of TLS handshake: Resource temporarily
              unavailable, try again.
 SConnection: Processing security message
 TLS:         Process security message (session 0x5583f14325c0)
 TLS:         TLS handshake completed with (TLS1.2)-(ANON-DH)-(AES-256-GCM)
Mon May 26 14:26:14 2025
 SConnection: Processing security message
 SVncAuth:    Reading password file
 VNCServerST: Starting desktop
 XDesktop:    Enabling 9 buttons of X pointer device
 XDesktop:    Allocated shared memory image
 XDesktop:    Detected screen layout:
 XDesktop:    1 screen(s)
 XDesktop:        1804289383 (0x6b8b4567): 3840x2160+0+0 (flags 0x00000000)
 XDesktop:    
 VNCSConnST:  Server default pixel format depth 24 (32bpp) little-endian rgb888
 SConnection: Reading client initialisation
 SConnection: Reading client initialisation
 VNCSConnST:  Client pixel format depth 24 (32bpp) little-endian rgb888
Mon May 26 14:26:26 2025
 VNCSConnST:  Closing 10.0.129.244::45530: Clean disconnection
 EncodeManager: Framebuffer updates: 27
 EncodeManager:   Tight:
 EncodeManager:     Solid: 197 rects, 1.28984 Mpixels
 EncodeManager:            3.07812 KiB (1:1637.6 ratio)
 EncodeManager:     Bitmap RLE: 121 rects, 44.431 kpixels
 EncodeManager:                 4.9248 KiB (1:35.5296 ratio)
 EncodeManager:     Indexed RLE: 344 rects, 2.92724 Mpixels
 EncodeManager:                  694.178 KiB (1:16.4778 ratio)
 EncodeManager:     Full Colour: 229 rects, 4.93448 Mpixels
 EncodeManager:                  3.36676 MiB (1:5.59179 ratio)
 EncodeManager:   Total: 891 rects, 9.19599 Mpixels
 EncodeManager:          4.05248 MiB (1:8.65892 ratio)
 Connections: Closed: 10.0.129.244::45530
 VNCServerST: Stopping desktop
 ComparingUpdateTracker: 17.8138 Mpixels in / 901.271 kpixels out
 ComparingUpdateTracker: (1:19.7652 ratio)

 

      Actual results

       

      As a workaround, I grabbed the latest tigervnc from Fedora which I rebuilt on RHEL 9.6 and things started working again:

      tigervnc-1.15.0-5.el9.src.rpm

      with:

      xkbcomp-1.4.7-3.el9.src.rpm and xorg-x11-font-utils-7.5-61.el9.src.rpm

        1. xorg-x11-font-utils-7.5-61.el9.src.rpm
          152 kB
        2. xkbcomp-1.4.7-3.el9.src.rpm
          242 kB
        3. tigervnc-1.15.0-5.el9.src.rpm
          2.06 MB

              jgrulich@redhat.com Jan Grulich
              vcojot@redhat.com Vincent Cojot
              Jan Grulich Jan Grulich
              Radek Duda Radek Duda
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: