reassign -1 lightdm 1.18.3-1
retitle -1 Screensaver lock can be skipped using lightdm autologin
feature
Hi,
On 2017-02-06 10:25, Ivar Smolin wrote:
If user locks the screen with cinnamon-screensaver, the password dialog
can be skipped if lightdm autologin feature is enabled.
I've verified that this is exactly the same if the user uses the KDE
screensaver, so I'm reassigning the bug to lightdm.
Scenario:
1. Lock the screen
2. Use "Switch users" button to activate the lightdm screen
3. Wait until lightdm autologin timeout is over
4. User desktop is activated
While I understand that this might be confusing and not what the user
expects (in some very specific situations), I don't think this is a
"security" bug. It seems to me that this is basically working as
intended, and that changing the behavior is a feature request to allow
very specific usecases (i.e. not having to type 2 passwords if your disk
is encrypted or having a session start automatically and then get locked
automatically).
Still, I'll let the lightdm maintainers decide on that.
--
Regards,
Marga