The default kdm configuration allows anyone at the system
console to halt or reboot the machine without having to
give any sort of password. Ironically, once one has logged
in one needs to give a password to do this.
I think that this is a mistake; the setup should require
you to give the root password for the machine in order to
halt or reboot it by default, or something of that order.
*** This bug has been marked as a duplicate of 6838 ***