xlock Command
Purpose
Locks the local X display until a password is entered.
Syntax
xlock [ -batchcount Number ] [ -bg Color ] [ -delay Users ] [ -display Display ] [ -fg Color ] [ -font FontName ] [ -info TextString ] [ -invalid TextString ] [ -mode ModeName ] [ +mono | -mono ] [ -username TextString ] [ -nice Level ] [ +nolock | -nolock ] [ -password TextString ] [ +remote | -remote ] [ +allowaccess | -allowaccess ] [ +allowroot | -allowroot ] [ +echokeys | -echokeys ] [ +enablesaver | -enablesaver ] [ -help ] [ -saturation Value ] [ -timeout Seconds ] [ +usefirst | -usefirst ] [ +v | -v ] [ -validate TextString ]
Description
The xlock command locks the X server until the user enters a password at the keyboard. While the xlock command is running, all new server connections are refused. The screen saver is disabled, the mouse cursor is turned off, the screen is blanked, and a changing pattern is displayed. If a key or a mouse button is pressed, a prompt asks for the password of the user who started the xlock command.
If the correct password is typed, the screen is unlocked and the X server is restored. When typing the password, Ctrl-U and Ctrl-H are active as kill and erase, respectively. To return to the locked screen, click in the small icon version of the changing pattern.
To function properly, xlock needs to run with root permission since the operating system restricts access to the password and access control files. To give xlock root permission, perform the following steps:
- Log in as root.
- Go to the directory that contains the xlock program file.
- Run these two commands:
 - chown root xlock
- chmod u+s xlock
 
- Authentication
- 
The xlock command is a Pluggable Authentication Module (PAM) enabled X server command that locks the X server until the user enters a password. It supports both local UNIX authentication and PAM authentication for unlocking the X server. You can set the system-wide configuration to use PAM for authentication by providing root user access and by modifying the value of the auth_type attribute to PAM_AUTH in the usw stanza of the /etc/security/login.cfg file. The authentication mechanisms that are used when PAM is enabled are dependent on the configuration of the login service in the /etc/pam.conf file. The xlock command requires the /etc/pam.conf file entry for the auth, account, password, and session module types. The following configuration is recommended for the /etc/pam.conf file entry in the xlock command:xlock auth required pam_aix xlock account required pam_aix xlock password required pam_aix xlock session required pam_aix
Flags
| Item | Description | 
|---|---|
| -batchcount Number | Sets the number of things to do per batch. Number refers
to different things depending on the mode: 
 | 
| -bg Color | Sets the color of the background on the password screen. | 
| -delay Number | Sets the speed at which a mode operates to the number of
microseconds to delay between batches of hopalong pixels, qix lines, life generations, image bits,
and swarm motions. In the blank mode, it is important to set this to a small number because the keyboard and mouse are only checked after each delay. A delay of zero would needlessly consume the processing unit while checking for mouse and keyboard input in a tight loop since the blank mode has no work to do. | 
| -display Display | Sets the X11 display to lock. The xlock command locks all available screens on the server and restricts you to locking only a local server, such as unix:0, localhost:0, or :0 (unless you set the -remote flag). | 
| -fg Color | Sets the color of the text on the password screen. | 
| -font FontName | Sets the font to be used on the prompt screen. | 
| -help | Prints a brief description of available options. | 
| -info TextString | Defines an informational message. The default is Enter password to unlock; select icon to lock. | 
| -invalid TextString | Specifies an password message. The default is Invalid login. | 
| -mode ModeName | Specifies one the following six display modes: 
 | 
| -nice NiceLevel | Sets system nicelevel of the xlock process. | 
| -password TextString | Specifies the password prompt string. The default is Password:. | 
| -saturation Value | Sets saturation of the color ramp. A value of 0 (zero) is grayscale and a value of 1 is very rich color. A value of 0.4 is a medium pastel. | 
| -timeout Seconds | Sets the number of seconds before the password screen times out. | 
| -username TextString | Specifies the message shown in front of the user name. The default is Name:. | 
| -validate TextString | Specifies the message that is shown while validating the password. The default is Validating login.... | 
| -/+allowaccess | Allows the disabling of the access control list, but still
causes the local server to prompt for a password. If xlock is
killed using the -KILL command, the access control list is
not lost. This flag is also needed when running the xlock command remotely since access to the control list is restricted. | 
| -/+allowroot | Allows the root password to unlock the server as well as the user who started the xlock command. | 
| -/+echokeys | Causes the xlock command to echo to screen a '?' (question mark) character for each key typed into the password prompt. The default is no echo. | 
| +/-enablesaver | Enables the default screensaver. It is possible to set delay parameters long enough to cause phosphor burn on some displays. This flag can be used as an added precaution. | 
| +/-mono | Causes the xlock command to display monochrome (black and white) pixels rather than the default colored ones on color displays. | 
| +/-nolock | Causes the xlock command to only draw the patterns and not to lock the display. A keypress or a mouse click terminates the screen saver. | 
| +/-remote | Allows remote locking of X11 servers. This flag should be used with care. It is intended mainly to lock X11 terminals that cannot run the xlock command locally. If you lock a workstation other than your own, that person will need your password to unlock it.The -remote option does not disable your ability to toggle to another shell. | 
| +/-usefirst | Allows using the keystroke which obtained the password screen as the first input character in the password. The default ignores the first keystroke. | 
| +/-v | Minus prefix enables the verbose mode to tell which options the xlock command is going to use. The plus prefix is the default. |