Why does Qubes have 2 passphrases? (disk encryption & login)

Protonmail’s approach to a similar problem: start by having only one, choose separate passwords if you want. Sounds sensible.

I mostly refer to (1), since (as I understand) this is the topic of this discussion. I don’t feel knowledgeable enough to judge how secure the screen lock is.

Good catch!

So Xorg crashing is likely fine as there are some security mechanisms in lightdm, but lightdm crashing is not fine.

Just try to kill -9 your lightdm and you’ll see…

If you look at pstree you’ll notice that systemd starts lightdm which in turn starts Xorg. Since your lightdm.service has restart=always, lightdm dying for whatever reason will leave you exposed if you use autologin.
So maybe remove that restart=always and try again.

Anyway I wonder how I managed to crash the DM back then…

1 Like

Yes, disabling service restart is a must with autologin; although I never experienced a lightdm crash (and even harder, one caused in the lock screen), having safer options seems the way to go.

So I changed the config from:

OnFailure=plymouth-quit.service
...
Restart=always

to:

OnFailure=plymouth-quit.service systemd-reboot.service
...
Restart=no

and now triggering a lightdm “crash” will not restart its service and will also initiate a reboot in the background (which may be more useful than manually switching TTY, logging in, and starting lightdm).

1 Like
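A small check for the combination discussed in this thread (autologin configured while the lightdm unit is allowed to restart), added here as an example and not taken from any of the posts. The function names and the sample file contents are constructed; it reads a single unit file and a single lightdm.conf and does not follow systemd drop-ins.

```shell
#!/bin/sh
# Added example: flag lightdm autologin combined with an auto-restarting unit.
# Function names and sample file contents are constructed for illustration.

# Print the last value assigned to KEY in an ini-style file (last one wins).
# Commented-out lines ("#KEY=...") are ignored; surrounding blanks are trimmed.
last_value() {  # usage: last_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Print EXPOSED when autologin is set and the unit may be restarted, else OK.
check_lightdm() {  # usage: check_lightdm UNIT_FILE LIGHTDM_CONF
    restart=$(last_value Restart "$1")
    user=$(last_value autologin-user "$2")
    # Conservative: any Restart= value other than "no" (the default) is flagged.
    if [ -n "$user" ] && [ -n "$restart" ] && [ "$restart" != "no" ]; then
        echo "EXPOSED autologin-user=$user Restart=$restart"
    else
        echo "OK"
    fi
}

# Constructed samples: the unit before and after the change shown in the thread,
# plus a lightdm.conf with autologin enabled for a made-up account "user".
tmp=$(mktemp -d)
printf '[Seat:*]\nautologin-user=user\n' > "$tmp/lightdm.conf"
printf '[Unit]\nOnFailure=plymouth-quit.service\n[Service]\nRestart=always\n' \
    > "$tmp/before.service"
printf '[Unit]\nOnFailure=plymouth-quit.service systemd-reboot.service\n[Service]\nRestart=no\n' \
    > "$tmp/after.service"

check_lightdm "$tmp/before.service" "$tmp/lightdm.conf"
check_lightdm "$tmp/after.service" "$tmp/lightdm.conf"
```

On a live system, `systemctl show -p Restart lightdm.service` reports the effective value with drop-ins applied, which is the one that matters.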