The screen of a Tails session can be locked through the system menu, or by invoking the tails-screen-locker script directly.

The ticket that tracked this work was #5684.

This is useful, for example, for journalists who want to leave their computer unattended in their office for a minute to go to the toilet, with the screen locked.

How do other live distributions do that?

  • Knoppix
    • No password whatsoever → not possible to lock (or unlock!)
    • http://www.linux-magazine.com/Online/Features/Getting-Started-with-Knoppix-7.3
    • Base: Debian
    • Desktop: KDE
    • Might be interested in our solution.
  • Grml
    • Already has a custom script called grml-lock, a wrapper around vlock that asks for a password on first use.
    • Base: Debian
    • Desktop: fluxbox
  • Jondo Live
    • Asks for a user password on boot, then I didn't find a way of locking the screen. No xlock.
    • Base: Debian
    • Desktop: XFCE
  • Kali
    • Lock screen through GNOME and the default 'toor' password.
    • Base: Debian
    • Desktop: GNOME
    • Low interest in our solution as Kali is not mainly used in a live environment.
  • Tanglu
    • Lock screen through GNOME and the default 'live' password.
    • Base: Debian
    • Desktop: GNOME
  • Debian Live
    • Lock screen through GNOME and the default 'live' password.
    • Base: Debian
    • Desktop: GNOME

Which password to use?

It is already possible to set an administration password from Tails Greeter, and we could reuse it for unlocking the screen. But we also need a solution for when no administration password has been set.

During the 201412 monthly meeting we proposed to prompt for a password before locking the screen for the first time, if there is no administration password.

How to activate it?

  • Through the better power off button (#5322).
  • Through the usual GNOME shortcut: Meta+L
  • If a password has been set already:
    • Automatically after X minutes of idle.
    • When closing the lid.
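
The activation rules above, combined with the first-use prompt proposed under "Which password to use?", written out as an added example that is not Tails code. The account name `liveuser`, the trigger and action names, and reading the password state from a shadow(5)-style line are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Tails code: decide what a lock request should do.
# Constructed shadow(5)-style sample lines for a hypothetical account.
SAMPLE_SET='liveuser:$6$constructedsalt$constructedhash:19000:0:99999:7:::'
SAMPLE_UNSET='liveuser:*:19000:0:99999:7:::'

# has_usable_password LINE
# Succeeds only if the second field holds a real hash. An empty field, or one
# starting with '!' or '*', gives the locker nothing to check an unlock against.
has_usable_password() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        ''|'!'*|'*'*) return 1 ;;
        *) return 0 ;;
    esac
}

# lock_action TRIGGER LINE
# Prints one of (hypothetical action names):
#   lock              lock immediately
#   prompt-then-lock  ask the user to choose a password first, then lock
#   ignore            do nothing, since a lock could never be undone
lock_action() {
    trigger=$1
    line=$2
    case "$trigger" in
        menu|shortcut)   # explicit user request: power off menu or Meta+L
            if has_usable_password "$line"; then echo lock
            else echo prompt-then-lock; fi ;;
        idle|lid)        # automatic triggers: only once a password exists
            if has_usable_password "$line"; then echo lock
            else echo ignore; fi ;;
        *) echo ignore ;;
    esac
}

# Print the resulting decision table for both constructed accounts.
for t in menu shortcut idle lid; do
    printf '%-8s set=%-5s unset=%s\n' "$t" \
        "$(lock_action "$t" "$SAMPLE_SET")" "$(lock_action "$t" "$SAMPLE_UNSET")"
done
```

Automatic triggers never prompt here because nobody may be at the keyboard to answer, which matches the list restricting idle and lid locking to sessions where a password has already been set.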

Implementation

An initial implementation was started in feature/better power off button, and reverted since it turned out to be more complicated than originally thought. This implementation and the problems listed below were discussed on the tails-dev ML in November 2012.

Ideas to implement the password prompt before the first locking:

  • Use a different PAM config for the screensaver
  • Turn the admin password into the root one, and use the user's password as the locker's one.