Strange behaviour - possibility to bypass the password

I have noticed a strange behaviour after screen lock. The system, according to settings, should ask for password before switching on again.
Now, if you press many time in serious the button “UNLOCK” it goes on WITHOUT PASSWORD given.
Moreover the system stops to ask for password by next screen locks or hibernations as long as you do not log off the user.

Is it a bug or I did mistake in settings?

System OpenSuse 11.2 with Gnome

did you probably installed for automatic login?
without a passwd.

absolutely not. The system should require password at login. And it does. I never tried myself to do it this way. I left the computer on the table for some time, the screen automatically locked and then my son, who did not know the password, wanted to do something. He could not log into the system so he started to play with “unlock” button. After several presses the system unlocked itself. I could not believe him, so he presented it to me once again. He proved me the way to bypass the password.

check screen saver settings.
i did not find any such problems.
then i am running it in desktop computer.

I use it on my laptop. Screensaver is Compass.
Both options:

  • start the screensaver when computer not active
  • lock the screen when screensaver is active
    are checked.
    The screensaver starts after 5 minuts.

but you were right. It seems to be related to screensaver. If I lock the screen from menu this bypass does not work. It works only by unlocking from screensaver.

Does it do it with a different screensaver?

First which GUI?

Second you have replaced the default screen saver with one that was originally designed for Windows. Are you sure you did it right? Are you sure that Compass actually does a real logout?

O.K. So that’s why I couldn’t find it in my screensavers to test it.

I checked also other screensavers. The same. Finally I deactivated the screensaver when computer was idle and locked the screen from menu.
This time it needed longer series of clicks, but again after some 20-30 clicks, one immediately after other, I managed to unlock the system!

I can not recreate this issue. I did give it a good try. Probably 100 attempts. I don’t know where to point you to start digging.

I am going to plagiaries CAF, but here goes.lol!

Please past the output of the following:

zypper lr -d

This will allow us to see what repos you have setup. There is a possibility that somethings are not the versions that they should be.

| Alias | Nazwa | Włączono | Odśwież | Priorytet | Typ | Adres URL | Serwer

–±--------------------------------------------------------------------±--------------------------------------------------------------------±---------±--------±----------±-------±----------------------------------------------------------------------±------
1 | Libdvdcss repository | Libdvdcss repository | Tak | Tak | 99 | rpm-md | Index of /pub/vlc/SuSE/11.2/ |
2 | Packman Repository | Packman Repository | Tak | Tak | 99 | rpm-md | Index of /pub/packman/suse/11.2 |
3 | http-download.opensuse.org-173cc6aa | http-download.opensuse.org-173cc6aa | Tak | Tak | 99 | rpm-md | Index of /repositories/server:/ftp/openSUSE_11.2 |
4 | http-download.opensuse.org-6b4e0e3c | http-download.opensuse.org-6b4e0e3c | Tak | Tak | 99 | rpm-md | Index of /repositories/server:/ftp/openSUSE_11.2 |
5 | Index of /repositories/server:/ftp/openSUSE_11.2 | Index of /repositories/server:/ftp/openSUSE_11.2 | Tak | Tak | 99 | rpm-md | Index of /repositories/server:/ftp/openSUSE_11.2 |
6 | openSUSE 11.2-0 | openSUSE 11.2-0 | Tak | Nie | 99 | yast2 | cd:/// |
7 | openSUSE-11.2-Non-Oss | openSUSE-11.2-Non-Oss | Tak | Tak | 99 | yast2 | Index of /distribution/11.2/repo/non-oss |
8 | openSUSE-11.2-Oss | openSUSE-11.2-Oss | Tak | Tak | 99 | yast2 | Index of /distribution/11.2/repo/oss |
9 | server:ftp | server:ftp | Tak | Tak | 99 | rpm-md | Index of /repositories/server:/ftp/openSUSE_11.2 |

short translation:
Nazwa = Name
Włączono = Activated
Odśwież = Refresh
Priorytet = Priority
Tak = Yes
Nie = No

Before you do any of what I post below, please let CAF come in here and take a look at your repos. I tried to reformat this so that I could read it easier, but I may still be looking at it wrong.

Since you already have libdvdcss installed, you should deactivate or delete #1
#2 Packman looks O.K.
#3, #4, #5 and #9 look to all be pointing to the same place. And #5 looks to be completely the wrong format. Delete #4 and #5 and #9.
#6, #7 and #8 look good

I don’t see an Update repository at all.

Is there a reason why you chose to use FTP over the regular URL addresses? Using http can now allow them to be dynamic and they will automatically grab the fastest servers they can find.

I had Jonathan_R take a look at the repos and he says they look O.K., so I was having a problem with the format of them on my screen. Not sure what is up with that, but I will work on that later.

Don’t make any changes to the repos.

I am going to see if I can find a bug report on this issue.

I don’t see a bug report for this issue. Could you try submitting one here? openSUSE You may want to read the FAQ before submitting, as it is not the most intuitive thing I have ever seen.

This is the first time I heard someone saying there are too few passwords in linux or complaining about the OS not asking for one in the first place.
First time for everything I guess, its usually the other way around from most newcomers.

2 | Packman Repository                                                  |  Packman Repository                                                  |  Tak      | Tak     |   99      | rpm-md | [Index  of /pub/packman/suse/11.2](http://ftp.skynet.be/pub/packman/suse/11.2/)                           |       
6 | openSUSE 11.2-0                                                     |  openSUSE 11.2-0                                                     | **Nie      | Nie     **|   99      | yast2  | cd:///                                                                 |       
7 | openSUSE-11.2-Non-Oss                                               |  openSUSE-11.2-Non-Oss                                               |  Tak      | Tak     |   99      | yast2  | [Index of /distribution/11.2/repo/non-oss](http://download.opensuse.org/distribution/11.2/repo/non-oss)           |        
8 | openSUSE-11.2-Oss                                                   |  openSUSE-11.2-Oss                                                   |  Tak      | Tak     |   99      | yast2  | [Index of /distribution/11.2/repo/oss](http://download.opensuse.org/distribution/11.2/repo/oss)               |        

Keep those and add in

Update
Index of /update/11.2

Then in a su terminal run:

zypper dup

As to the main issue of the password and lots of clicking will get you in etc…

I cannot reproduce this
If I could I would say it was a bug
Others too have tried and cannot reproduce…

This makes me feel uneasy. At least if it were me I would start doubting the integrity of my system.

Create a new user account
Login with it
and see if you can reproduce the behaviour there, just don’t adjust any settings from the default.
Let us know what happens