This issue is caused by the Users and Groups utility which is part of
`gnome-system-tools`. When changing the password from "Asked on logon"
to "Not asked on logon" the user is added to the `nopasswdlogin` group
and this is what causes the switch-user screen to not ask for a
password.
If you select the option to not require a password to login during
installation, it is not possible to bypass authentication when switching
users. This is because `autologin-user` is set to your username in
`/etc/lightdm/lightdm.conf` and that works correctly.
`gnome-system-tools` was originally included in Ubuntu MATE because it
offers user and time management features. But it can now be removed from
the Ubuntu MATE default install because recent versions of MATE Control
Center provide user and time management.
** Changed in: ubuntu-mate-meta (Ubuntu)
Status: Triaged => In Progress
** Summary changed:
- Lock screen can be bypassed when auto-login is enabled.
+ Lock screen can be bypassed when auto-login is enabled via gnome-system-tools
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1706770
Title:
Lock screen can be bypassed when auto-login is enabled via gnome-
system-tools
Status in arctica-greeter package in Ubuntu:
Invalid
Status in gnome-system-tools package in Ubuntu:
Triaged
Status in lightdm package in Ubuntu:
Invalid
Status in mate-screensaver package in Ubuntu:
Invalid
Status in mate-session-manager package in Ubuntu:
Invalid
Status in ubuntu-mate-meta package in Ubuntu:
In Progress
Bug description:
16.04 LTS
=========
Hi,
My machine is set up with full-disk encryption, so it requires a
password when I boot it up. Because of this I thought I would enable
auto-login to avoid having to enter two passwords at boot.
When I leave my computer for short periods of time, I lock it. I
thought this was working fine for a long time, but I've discovered the
lock screen is actually easily bypassable when auto-login is enabled.
All one has to do is click "Switch User" on the lock screen, then
press "Unlock" and the computer unlocks without prompting for a
password.
Perhaps this is just me being an idiot, but I thought this was secure
until now. It seems like either unlocking should always require a
password (otherwise what's the point of locking in the first place) or
it should be made totally obvious that unlocking doesn't actually
require a password (i.e. removing the password box from the lock
screen when auto-login is enabled).
Thanks,
Chris
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/arctica-greeter/+bug/1706770/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
