I'd like to set it up so that when the screen locks a new user could log in and use the system. The way it is now (I think) you have to know the password to unlock and log the current user out.
Using the password of currently locked session behavior is by default design. But, I did find out that you could use root's password to unlock someone's session, and then of course you'd have to log that user out so someone else could log in.
I guess the XFCE Debian setup would be similar to Slackware. The /usr/bin/xflock4 script controls what screensaver lock app/script is used and what options. Mine said to use:
xscreensaver-command -lock || xlock $*
I replaced it with this:
At the screensaver lock screen, entering either root's password or the currently session user's password allows entry. Read man xlock
for the details.
NOTE: The xlock man page has an etiquette section about this topic the OP asked about. Changing the default screensaver password lock behavior should be based on security policy being enforced at the site.