When signing in another user into an existing session, it is possible to enter the online sign-in flow by mistyping the password multiple times.
During the online sign-in flow, you could add an entirely new user. Beyond that, there appear to be some bugs with the current flow if readding the same user; the password is not captured correctly so the user's cryptohome gets nuked and recreated, but fails to get recreated.
Lots of edge cases here, so lets just disable online sign-in flow when adding a new user to an existing session.
Comment 1 by jdufault@chromium.org
, Feb 8 2017