summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/screen_locker.mdwn
blob: 45d76862cca7fad03cf520f44b0b0b43515bd1db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
[[!meta title="Screen locker"]]

The screen of a Tails session can be locked through the system menu, or by invoking the tails-screen-locker script directly.

The ticket that tracked this work was [[!tails_ticket 5684]].

This is useful for example for
journalists that want to be able to leave their computer unattended in
their office to go to the toilets for a minute and have their screen
locked.

[[!toc]]

How do other live distributions do that?
========================================

  - [Knoppix](http://www.knoppix.org/)
    - No password whatsoever → not possible to lock (or unlock!)
    - http://www.linux-magazine.com/Online/Features/Getting-Started-with-Knoppix-7.3
    - Base: Debian
    - Desktop: KDE
    - Might be interested in our solution.
  - [Grml](http://grml.org/)
    - Already have a custom script called
      [grml-lock](https://github.com/grml/grml-scripts/blob/master/usr_bin/grml-lock)
      which is a wrapper around vlock that asks for a password on first use.
    - Base: Debian
    - Desktop: fluxbox
  - [Jondo Live](https://anonymous-proxy-servers.net/en/jondo-live-cd.html)
    - Ask for user password on boot, then I didn't find a way of locking the
      screen xlock. No xlock.
    - Base: Debian
    - Desktop: XFCE
  - [Kali](http://www.kali.org/)
    - Lock screen through GNOME and the default 'toor' password.
    - Base: Debian
    - Desktop: GNOME
    - Low interest in our solution as Kali is not mainly used in live environment.
  - [Tanglu](http://www.tanglu.org/)
    - Lock screen through GNOME and the default 'live' password.
    - Base: Debian
    - Desktop: GNOME
  - [Debian Live](https://www.debian.org/devel/debian-live/)
    - Lock screen through GNOME and the default 'live' password.
    - Base: Debian
    - Desktop: GNOME

Which password to use?
======================

It is already possible to set an administration password from Tails
Greeter, and we could reuse it for unlocking the screen. But we also
need a solution for when no administration password has been set.

During the [[201412 monthly meeting|contribute/meetings/201412/]] we
proposed to prompt for a password before locking the screen for the
first time, if there is no administration password.

How to activate it?
===================

  - Through the better power off button (#5322).
  - Through the usual GNOME shortcut: Meta+L
  - If a password has been set already:
    - Automatically after X minutes of idle.
    - When closing the lid.

Implementation
==============

An initial implementation was started in [[!tails_gitweb_branch
feature/better_power_off_button]], and reverted since it turned out to be more
complicated than originally thought. This implementation and the problems
listed below were discussed on the tails-dev ML in November 2012.

Ideas to implement the password prompt before the first locking:

  - Use a different PAM config for the screensaver
  - Turn the admin password into the root one, and use the user
    password's as the locker's one.