Ubuntu
indicator-session package

When multiple users are logged in, users can be switched without going to login screen

Bug #837490 reported by Doug McMahon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Session Menu
New
Undecided
Unassigned
indicator-session (Ubuntu)
New
Undecided
Unassigned

Bug Description

Thereby bypassing the need to enter a users password
admin-to-doug1 screen shows picking doug1 from indicator, I'm then logged into a perfectly usable doug1 session, no password required
From doug1 I then can likewise login to doug (admin), again without password. Sometimes completely use-able, other times ranges from un-useable to semi-useable
screen semi-useable shows that
What I'm expecting is that whenever switching users, logged in or not, to be brought to login screen to enter the user's password

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: indicator-session 0.3.3.2-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-9.14-generic 3.0.3
Uname: Linux 3.0.0-9-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Tue Aug 30 11:36:05 2011
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha i386 (20110826.1)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: indicator-session
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Doug McMahon (mc3man) wrote :
Revision history for this message
Doug McMahon (mc3man) wrote :
Revision history for this message
Doug McMahon (mc3man) wrote :

Still see the same on a beta 1 install, the only diff. is that when a 'standard' user switches to the still logged in admin user that the session will be completely usable, - the no password needed still happening

Revision history for this message
Doug McMahon (mc3man) wrote :

This also includes a guest user who can switch to any other logged in user, no password needed (also can bypass a locked screen. Maybe this is intended, doesn't seem to make much sense. (see similar in 11.04 except guest is restricted.
If the "Switch from <username> always goes to the login screen (password then required), why is it allowed to just click on a user and go directly to their login

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.