9 Nov
2013
9 Nov
'13
4:06 p.m.
I don't know whether this is a security glitch or
PEBKAC.
I was testing the graphical login with TDM:
* I logged in as User 1.
* From the TDE menu I selected Switch User->Start New Session.
* I logged in as User 2.
* I switched to User 1 *without* needing a password.
* I switched to User 2 and needed a password.
* I typed the password, switched to User 1, and needed a password.
I repeated this exercise three times with a system reboot each
time. Each time the first instance of switching did not require a
password.
Further, I was not always asked for a password on subsequent
switching, especially when I used the keyboard toggles of Ctrl-Alt-
F7 and Ctrl-Alt-F8.
SAK is disabled.
I only used Switch User->Start New Session. I did not use Switch
User->Lock Current & Start New Session.
Thoughts?
BTW, seems to me there should be no password required when using
'Start New Session' --- that is what the 'Lock Current & Start New
Session' option should be for?
Darrell
9 Nov
9 Nov
8:45 p.m.
New subject: [trinity-devel] Possible security glitch with switching users?
----- Messaggio originale -----
Da: Darrell Anderson <darrella(a)hushmail.com>
A: trinity-devel(a)lists.pearsoncomputing.net
Cc:
Inviato: Domenica 10 Novembre 2013 9:06
Oggetto: Re: [trinity-devel] Possible security glitch with switching users?
Darrell, how long did you work in one session before switching to the other one? Just
wondering if there is some kind of inactivity timer that locks a session when not being
used for a while. That may explain the different behavior you have seen, even though it
sounds a little weird to say the least
I don't know whether this is a security
glitch or PEBKAC.
I was testing the graphical login with TDM:
* I logged in as User 1.
* From the TDE menu I selected Switch User->Start New Session.
* I logged in as User 2.
* I switched to User 1 *without* needing a password.
* I switched to User 2 and needed a password.
* I typed the password, switched to User 1, and needed a password.
I repeated this exercise three times with a system reboot each
time. Each time the first instance of switching did not require a
password.
Further, I was not always asked for a password on subsequent
switching, especially when I used the keyboard toggles of Ctrl-Alt-
F7 and Ctrl-Alt-F8.
SAK is disabled.
I only used Switch User->Start New Session. I did not use Switch
User->Lock Current & Start New Session.
Thoughts?
BTW, seems to me there should be no password required when using
'Start New Session' --- that is what the 'Lock Current & Start
New
Session' option should be for?
Darrell
9:53 p.m.
New subject: [trinity-devel] Possible security glitch with switching users?
----- Messaggio originale -----
AFAIK "Start New Session" does not lock the current session, whereas
selecting an existing session will lock the current session. On my systems
there is a second menu entry for "Lock Current & Start New Session" if it
is desired to lock the screen before starting the new session.
Tim
Da: Darrell Anderson
<darrella(a)hushmail.com>
A: trinity-devel(a)lists.pearsoncomputing.net
Cc:
Inviato: Domenica 10 Novembre 2013 9:06
Oggetto: Re: [trinity-devel] Possible security glitch with switching
users?
Darrell, how long did you work in one session before switching to the
other one? Just wondering if there is some kind of inactivity timer that
locks a session when not being used for a while. That may explain the
different behavior you have seen, even though it sounds a little weird to
say the least I don't know whether this is a security
glitch or PEBKAC.
I was testing the graphical login with TDM:
* I logged in as User 1.
* From the TDE menu I selected Switch User->Start New Session.
* I logged in as User 2.
* I switched to User 1 *without* needing a password.
* I switched to User 2 and needed a password.
* I typed the password, switched to User 1, and needed a password.
I repeated this exercise three times with a system reboot each
time. Each time the first instance of switching did not require a
password.
Further, I was not always asked for a password on subsequent
switching, especially when I used the keyboard toggles of Ctrl-Alt-
F7 and Ctrl-Alt-F8.
SAK is disabled.
I only used Switch User->Start New Session. I did not use Switch
User->Lock Current & Start New Session.
Thoughts?
BTW, seems to me there should be no password required when using
'Start New Session' --- that is what the 'Lock Current & Start
New
Session' option should be for?
Darrell
4033
days inactive
4033
days old
2 comments
3 participants
participants (3)
-
Darrell Anderson -
Michele Calgaro -
Timothy Pearson