Comment 7 for bug 1371655

Wile the caching in this case is unexpected changing the behavior would require a patch to polkit as it hard codes the expiration time to 5 mins.

Note that in order for this to be an issue the following must occur:

- device owner sets a new passcode
 - if the screen timeout causes a suspend (defaults to 2 mins) a code must be entered in the login screen
 - if the owner presses the power button then a code must be entered in the login screen
 - if the polkit timeout expires (5 mins) a code must be entered in settings

So the second user would need to get possession of the phone within 2-5 mins after the owner changed the code, and immediately set security to swipe, then set security to a new code. Trying to set a new code directly will also prompt for the old code.