KVM - The Linux Kernel-Based Virtual Machine
News, Blogs and Resources on the Linux (KVM) Kernel-Based Virtual Machine

Password protect VNC console

planakim
Joined: Jul 7 2008

I have been unable to find a way to set a per-VM VNC password (I know I can set a global VNC password, but I would want to have a different one for each VM).

According to http://libvirt.org/formatdomain.html#elementsGraphics one should be able to set one in the XML file, but when I have tried it, it seems to simply be ignored:

<graphics type='vnc' port='5904' password='whatever'/>

(vnc works fine but ignores the password)

Has anyone gotten this to work?

Just wondering if I should file a bug report or if it is me messing up somewhere.

kairu0
Joined: Dec 6 2008

I've run into the same block. Has anyone found a workaround for this bug?

Anonymous
One potential workaround is to just run a vncserver at the shell prompt (tight vncserver for instance). It allows password protection. Then direct all your qemu VMs to not create their own VNC server but just use SDL with your X11 DISPLAY set to the VNC server you launched.

Anonymous
Interesting approach. I will have to try that. Unfortunately, this server is headless and without X... for now, I'm going to stick with Xen which gives me better performance and has more VNC options.

Anonymous
You could also use SSH...

I haven't needed this before, but I think that I would fix it with an SSH tunnel. This would allow you to use passwords as well as certificates (e.g. secret keyfiles) to access your server, and it would also encrypt your VNC traffic on your LAN...

I'm thinking about something like the following:
1. Set up SSHd on your KVM server.
2. Block all incoming connections to VNC, except from localhost.
3. Create a tunnel from a client to your server with something like:

    ssh -N -L 5901:localhost:5901 ssh_user@kvm_server

This will create an encrypted tunnel from port 5901 (VNC port 1) on your server to 5901 on your client.
4. On your client, connect with VNC through the encrypted SSH tunnel:

    vncviewer localhost:1

5. Make sure that your client blocks incoming connections, so other people can't connect to your VNC service running on your client :)

You can probably do this in a smarter way to make it a one-line command, but I'm too tired to think it through now ;)

Best Regards
Kenni

Kenni Lund
Joined: Nov 25 2008
You could also use SSH...(2)

...I just tested it out myself; for some reason the VNC connection is much faster through SSH (with standard settings) than when making the connection directly. And if you optimize it by using the blowfish algorithm, it will be even faster:

    ssh -c blowfish-cbc -N -L 5901:localhost:5901 ssh_user@kvm_server

...and now I just found out that vncviewer supports such SSH connections out of the box :-D

New easier solution:
1. Set up SSHd on your KVM server.
2. Block all incoming connections to VNC, except from localhost.
3. Connect from your client with:

    vncviewer -via ssh_user@kvm_server localhost:1

Best Regards
Kenni

Kenni Lund
Joined: Nov 25 2008
You could also use SSH...(3)

...and you probably don't even need to block the incoming connections to VNC; it seems like you can set up VNC to only listen for connections from localhost if you add an argument like:

listen='127.0.0.1'

to the vnc-line in your xml-file.

Kenni
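
An added example, not part of the thread or of libvirt's own code: a small Python audit of libvirt domain XML that checks the two settings discussed above on the VNC `<graphics>` element, the `listen` address and the password attribute. The sample XML is constructed; the attribute name `passwd` and the `<listen type='address'>` child come from libvirt's domain XML format, and the function and finding names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the thread's hosts).
SAMPLE_DOMAINS = {
    "vm-a": "<domain><devices><graphics type='vnc' port='5904' "
            "password='whatever'/></devices></domain>",
    "vm-b": "<domain><devices><graphics type='vnc' port='5901' "
            "listen='127.0.0.1'/></devices></domain>",
    "vm-c": "<domain><devices><graphics type='vnc' port='5902'>"
            "<listen type='address' address='0.0.0.0'/></graphics>"
            "</devices></domain>",
    "vm-d": "<domain><devices><graphics type='vnc' port='5903' "
            "listen='0.0.0.0' passwd='s3cret'/></devices></domain>",
}

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def audit_vnc(domain_xml):
    """Return finding codes (hypothetical names) for each VNC <graphics>."""
    findings = []
    for g in ET.fromstring(domain_xml).iter("graphics"):
        if g.get("type") != "vnc":
            continue
        # The address can be a listen= attribute or a <listen> child element.
        addrs = [g.get("listen")] + [
            c.get("address") for c in g.findall("listen")
            if c.get("type") == "address"]
        addrs = [a for a in addrs if a]
        if "password" in g.attrib:
            # libvirt's documented attribute name is passwd, not password.
            findings.append("password-attr-not-passwd")
        if not addrs:
            findings.append("listen-unset")  # host-wide default applies
        elif not all(is_loopback(a) for a in addrs):
            findings.append("listen-exposed" if g.get("passwd")
                            else "listen-exposed-no-passwd")
    return findings

if __name__ == "__main__":
    for name, xml in SAMPLE_DOMAINS.items():
        print(name, audit_vnc(xml) or "ok")
```

A loopback-only listener with no password (vm-b) produces no finding, since that is the SSH-tunnel setup described in the posts above.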
