The default kdm configuration allows anyone at the system console to halt or reboot the machine without having to give any sort of password. Ironically, once one has logged in, one needs to give a password to do this. I think that this is a mistake; the setup should require you to give the root password for the machine in order to halt or reboot it by default, or something of that order.
*** This bug has been marked as a duplicate of 6838 ***