Re: [trinity-devel] Possible security glitch with switching users?

I don't know whether this is a security glitch or PEBKAC.

I was testing the graphical login with TDM:

• I logged in as User 1.
• From the TDE menu I selected Switch User->Start New Session.
• I logged in as User 2.
• I switched to User 1 *without* needing a password.
• I switched to User 2 and needed a password.
• I typed the password, switched to User 1, and needed a password.

I repeated this exercise three times with a system reboot each time. Each time the first instance of switching did not require a password.

Further, I was not always asked for a password on subsequent switching, especially when I used the keyboard toggles of Ctrl-Alt-

F7 and Ctrl-Alt-F8.

SAK is disabled.

I only used Switch User->Start New Session. I did not use Switch User->Lock Current & Start New Session.

Thoughts?

BTW, seems to me there should be no password required when using 'Start New Session' --- that is what the 'Lock Current & Start New Session' option should be for?

Darrell