English:
I found that in KDE, three incorrect logins on the lock screen will lock the account, but you can bypass this restriction by clicking the switch user button to enter SDDM and then shutting down the computer.
In addition, switching users takes you to SDDM, which may allow computers in public places to be shut down by strangers. For this problem, it is recommended to adopt a method similar to GNOME, prohibiting any shutdown method on the unlock interface for computers that are logged in and locked.
In addition, three failed sudo checks will trigger the lock, but there is no prompt.
In addition, selecting elarun in SDDM will cause the next startup to fail to enter SDDM.
Next, I have some unprofessional suggestions, which may not be in line with the actual situation.
First, I hope that when pressing the switch user button on the lock interface, a window for entering user information can be opened on the spot to detect whether it is a valid login. If the password is correct, it will go directly to the other user's desktop. If it fails more than three times, logging in as another user is prohibited.
Second, add a settings interface with a setting for automatic locking after three failed sudo checks.
Third, selecting elarun in the SDDM settings will cause the next startup to fail to proceed normally. It is recommended to delete this theme.
Although these are not critical security errors, they may cause trouble for some users, hence this recommendation.
System information:
Operating System: Arch Linux
KDE Plasma Version: 6.2.5
KDE Frameworks Version: 6.10.0
Qt Version: 6.8.1
Kernel Version: 6.12.10-arch1-1 (64-bit)
Graphics Platform: Wayland