Wile the caching in this case is unexpected changing the behavior would require a patch to polkit as it hard codes the expiration time to 5 mins.
Note that in order for this to be an issue the following must occur: - device owner sets a new passcode - if the screen timeout causes a suspend (defaults to 2 mins) a code must be entered in the login screen - if the owner presses the power button then a code must be entered in the login screen - if the polkit timeout expires (5 mins) a code must be entered in settings So the second user would need to get possession of the phone within 2-5 mins after the owner changed the code, and immediately set security to swipe, then set security to a new code. Trying to set a new code directly will also prompt for the old code. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1371655 Title: [system settings] allows to change lock security without asking for passcode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-ux/+bug/1371655/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
