5.15 Disable Fast User Switching

Information

Fast user switching allows a person to quickly log in to the computer with a different account. While this is only a minimal security risk, when a second user is logged in, that user might be able to see what processes the first user is running, or possibly gain other information about the first user. In a large directory environment where it is difficult to limit login access, many valid users can log in to other users' assigned computers. Fast user switching allows multiple users to run applications simultaneously at the console, so information about processes running under a different user can be disclosed. Without a specific configuration to save data and log out users, unsaved data can remain in a background session that is not obvious.

Solution

In System Preferences: Accounts, Login Options, make sure the "Enable fast user switching" checkbox is off.

Impact: Where support staff visit users' computer consoles, they will not be able to log in to their own session if there is an active and locked session.

See Also

https://workbench.cisecurity.org/files/299

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10

Plugin: Unix

Control ID: 66bb84844c8044d79ab49da8b871acbcc36b6eec4535d7dfe554bb55de06e17f