Currently, we're identifying sessions internally in VSM Server/Agent with the username-as-a-string. Using numeric uid instead would make us less vulnerable to trouble in the name service switch subsystem. For example, if an agent has lost its connection to LDAP, verifying session for "kalle" will fail, but verifying session for 2004, kalle's uidNumber, will still work. Some parts of VSM Agent still need to know the username, but only during session startup.
This is not a trivial change. Lots of places currently use the username, and we'll probably still want most log messages to keep doing it, which means we'll have to keep both the uid and the username around. There are also some API changes between VSM Server and Agent, but that's no big trouble.
This is a problem I'm seeing fairly often at home. Whenever the LDAP server is a bit lazy, or temporarily down, I get stray Xvnc processes that make my life difficult. This would probably get a lot worse in a cluster as we know that KDE and GNOME do not like multiple instances on different machines, not to mention how gracefully Mozilla handles multiple processes.
See also bug 2839.
Shadowing of users on case-insensitive systems is also broken because we do string comparisons. Comparing UIDs is the proper way to handle those cases.
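A sketch of the uid-keyed approach discussed in this report, as an added example and not VSM code: `FakeNSS`, `SessionTable` and their methods are hypothetical names, and the name service is simulated so the LDAP-outage and case-mismatch cases can be run offline. The behaviour of the string-keyed check is an assumption made for contrast.

```python
class NameServiceDown(Exception):
    """The directory (e.g. LDAP) could not be reached."""


class FakeNSS:
    """Constructed stand-in for a name lookup such as pwd.getpwnam().
    Names match case-insensitively, as on the systems the report mentions."""

    def __init__(self, users):
        self._users = {name.lower(): uid for name, uid in users.items()}
        self.available = True

    def uid_for(self, username):
        if not self.available:
            raise NameServiceDown(username)
        return self._users[username.lower()]


class SessionTable:
    """Sessions keyed by numeric uid; the username is kept for log messages."""

    def __init__(self, nss):
        self._nss = nss
        self._sessions = {}  # uid -> {"username": str, "display": int}

    def start(self, username, display):
        # Session startup is the only step that must resolve the name.
        uid = self._nss.uid_for(username)
        self._sessions[uid] = {"username": username, "display": display}
        return uid

    def verify(self, uid):
        # No name service call, so a directory outage cannot fail this.
        return uid in self._sessions

    def verify_by_name(self, username):
        # String-keyed check for contrast (assumed behaviour): it needs a
        # working lookup and an exact string match.
        try:
            self._nss.uid_for(username)
        except NameServiceDown:
            return False
        return any(s["username"] == username for s in self._sessions.values())

    def session_for_name(self, username):
        # Shadowing lookup: resolve once, then compare uids, not strings.
        return self._sessions.get(self._nss.uid_for(username))
```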