trinity-devel@lists.pearsoncomputing.net

Month: November 2013

Re: [trinity-devel] Possible security glitch with switching users?

From: Michele Calgaro <michele.calgaro@...>
Date: Sun, 10 Nov 2013 04:45:17 +0000 (GMT)

----- Original Message -----

> From: Darrell Anderson <darrella@...>
> To: trinity-devel@...
> Cc: 
> Sent: Sunday, 10 November 2013 9:06
> Subject: Re: [trinity-devel] Possible security glitch with switching users?
> 
>> I don't know whether this is a security glitch or PEBKAC.
>> 
>> I was testing the graphical login with TDM:
>> 
>> * I logged in as User 1.
>> * From the TDE menu I selected Switch User->Start New Session.
>> * I logged in as User 2.
>> * I switched to User 1 *without* needing a password.
>> * I switched to User 2 and needed a password.
>> * I typed the password, switched to User 1, and needed a password.
>> 
>> I repeated this exercise three times with a system reboot each 
>> time. Each time the first instance of switching did not require a 
>> password.
>> 
>> Further, I was not always asked for a password on subsequent 
>> switching, especially when I used the keyboard toggles of 
>> Ctrl-Alt-F7 and Ctrl-Alt-F8.
>> 
>> SAK is disabled.
>> 
>> I only used Switch User->Start New Session. I did not use Switch 
>> User->Lock Current & Start New Session.
>> 
>> Thoughts?
> 
> BTW, seems to me there should be no password required when using 
> 'Start New Session' --- that is what the 'Lock Current & Start 
> New Session' option should be for?
> 
> Darrell
> 

Darrell, how long did you work in one session before switching to the other one? Just wondering if there is some kind of inactivity timer that locks a session when not being used for a while. That may explain the different behavior you have seen, even though it sounds a little weird, to say the least.