9 Nov
2013
9 Nov
'13
8:45 p.m.
----- Messaggio originale -----
Da: Darrell Anderson <darrella(a)hushmail.com>
A: trinity-devel(a)lists.pearsoncomputing.net
Cc:
Inviato: Domenica 10 Novembre 2013 9:06
Oggetto: Re: [trinity-devel] Possible security glitch with switching users?
Darrell, how long did you work in one session before switching to the other one? Just
wondering if there is some kind of inactivity timer that locks a session when not being
used for a while. That may explain the different behavior you have seen, even though it
sounds a little weird to say the least
I don't know whether this is a security
glitch or PEBKAC.
I was testing the graphical login with TDM:
* I logged in as User 1.
* From the TDE menu I selected Switch User->Start New Session.
* I logged in as User 2.
* I switched to User 1 *without* needing a password.
* I switched to User 2 and needed a password.
* I typed the password, switched to User 1, and needed a password.
I repeated this exercise three times with a system reboot each
time. Each time the first instance of switching did not require a
password.
Further, I was not always asked for a password on subsequent
switching, especially when I used the keyboard toggles of Ctrl-Alt-
F7 and Ctrl-Alt-F8.
SAK is disabled.
I only used Switch User->Start New Session. I did not use Switch
User->Lock Current & Start New Session.
Thoughts?
BTW, seems to me there should be no password required when using
'Start New Session' --- that is what the 'Lock Current & Start
New
Session' option should be for?
Darrell