On Wed, 13 Feb 2002, SI Reasoning wrote:
> > Whenever a screen is xlocked (xscreensaver, etc...), > > anyone just has to > > press Ctrl-Alt-Backspace to get re-logged in as the > > previous user, but > > without the screen locked. (See > > > http://www.google.com/search?q=autorelogin%20security) > > > > IMO, this should be turned off by default! > > (AutoReLogin=false in kdmrc) > > > > or maybe made a bit smarter, such as if password > authentication is checked in Xscreensaver then when it > autorelogins the Xsceensaver is automatically > activated. Or maybe send it to the screensaver > automatically regardless. I don't like the AutoReLogin feature. The X server (and process holding the session) should be stable. If it's not it has to be corrected. Relaunching a session automatically to pretend it's not nearly crashed is playing masquerade. But since it exists, there must be some way to make it better. IMHO, the real point here is: as long as a desktop session cannot be fully saved and restored, the AutoReLogin feature will be kind of flakey. This is the real point to improve. I have a suggestion (maybe it's what you thought, but here it is explicit): any screensaver may want to create a particular file (for example ~/.screen-locked -- common to all screen saver programs) to indicate that the screen is currently locked. If this file is present when the screensaver starts, it locks without waiting. When unlocking, the file is removed. It is not autorelogin's job to be aware of all particular screensavers, but it's up the the screensavers to agree to a (simple) way of telling that the screen was locked at the time X crashed. Hence I include a copy to the xscreensaver and kscreensaver maintainers. Thank you for your attention. -- St�phane Gourichon - Labo. d'Informatique de Paris 6 - AnimatLab http://animatlab.lip6.fr - philo du dimanche http://amphi-gouri.org/
