----- Messaggio originale -----
Da: Darrell Anderson darrella@hushmail.com A: trinity-devel@lists.pearsoncomputing.net Cc: Inviato: Domenica 10 Novembre 2013 9:06 Oggetto: Re: [trinity-devel] Possible security glitch with switching users?
I don't know whether this is a security glitch or PEBKAC.
I was testing the graphical login with TDM:
- I logged in as User 1.
- From the TDE menu I selected Switch User->Start New Session.
- I logged in as User 2.
- I switched to User 1 *without* needing a password.
- I switched to User 2 and needed a password.
- I typed the password, switched to User 1, and needed a password.
I repeated this exercise three times with a system reboot each time. Each time the first instance of switching did not require a password.
Further, I was not always asked for a password on subsequent switching, especially when I used the keyboard toggles of Ctrl-Alt-
F7 and Ctrl-Alt-F8.
SAK is disabled.
I only used Switch User->Start New Session. I did not use Switch User->Lock Current & Start New Session.
Thoughts?
BTW, seems to me there should be no password required when using 'Start New Session' --- that is what the 'Lock Current & Start New Session' option should be for?
Darrell
Darrell, how long did you work in one session before switching to the other one? Just wondering if there is some kind of inactivity timer that locks a session when not being used for a while. That may explain the different behavior you have seen, even though it sounds a little weird to say the least
AFAIK "Start New Session" does not lock the current session, whereas selecting an existing session will lock the current session. On my systems there is a second menu entry for "Lock Current & Start New Session" if it is desired to lock the screen before starting the new session.
Tim