> ----- Original message -----
>> From: Darrell Anderson <darrella@...>
>> To: trinity-devel@...
>> Cc:
>> Sent: Sunday, November 10, 2013 9:06
>> Subject: Re: [trinity-devel] Possible security glitch with switching users?
>>
>>> I don't know whether this is a security glitch or PEBKAC.
>>>
>>> I was testing the graphical login with TDM:
>>>
>>> * I logged in as User 1.
>>> * From the TDE menu I selected Switch User->Start New Session.
>>> * I logged in as User 2.
>>> * I switched to User 1 *without* needing a password.
>>> * I switched to User 2 and needed a password.
>>> * I typed the password, switched to User 1, and needed a password.
>>>
>>> I repeated this exercise three times with a system reboot each
>>> time. Each time the first instance of switching did not require a
>>> password.
>>>
>>> Further, I was not always asked for a password on subsequent
>>> switching, especially when I used the keyboard toggles of
>>> Ctrl-Alt-F7 and Ctrl-Alt-F8.
>>>
>>> SAK is disabled.
>>>
>>> I only used Switch User->Start New Session. I did not use Switch
>>> User->Lock Current & Start New Session.
>>>
>>> Thoughts?
>>
>> BTW, seems to me there should be no password required when using
>> 'Start New Session' --- that is what the 'Lock Current & Start New
>> Session' option should be for?
>>
>> Darrell
>>
>
> Darrell, how long did you work in one session before switching to the
> other one? Just wondering if there is some kind of inactivity timer that
> locks a session when not being used for a while. That may explain the
> different behavior you have seen, even though it sounds a little weird to
> say the least.

AFAIK "Start New Session" does not lock the current session, whereas selecting an existing session will lock the current session. On my systems there is a second menu entry for "Lock Current & Start New Session" if it is desired to lock the screen before starting the new session.

Tim