Securing unattended terminals
Use the lock and xlock commands to secure your terminal.
All systems are vulnerable if terminals are left logged in and unattended. The most serious problem occurs when a system manager leaves a terminal unattended that has been enabled with root authority. In general, users should log out any time they leave their terminals. Leaving system terminals unsecure poses a potential security hazard. To lock your terminal, use the lock command. If your interface is AIXwindows, use the xlock command.
Authentication
The xlock command is a Pluggable Authentication Module (PAM) enabled X server command that locks the X server until the user enters a password. It supports both local UNIX authentication and PAM authentication for unlocking the X server.
You can set the system-wide configuration to use PAM for authentication. This requires root user access: change the value of the auth_type attribute to PAM_AUTH in the usw stanza of the /etc/security/login.cfg file.
The authentication mechanisms that are used when PAM is enabled depend on the configuration of the login service in the /etc/pam.conf file. The xlock command requires /etc/pam.conf file entries for the auth, account, password, and session module types. The following configuration is recommended for the xlock command entries in the /etc/pam.conf file:

    xlock auth required pam_aix
    xlock account required pam_aix
    xlock password required pam_aix
    xlock session required pam_aix
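
The following script is an added example, not part of the AIX documentation. It checks both settings described above: the auth_type value in the usw stanza and the four xlock entries in pam.conf. The function names and sample files are constructed for illustration, and accepting a module path that ends in /pam_aix is an assumption.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Print auth_type from the usw stanza of a login.cfg-style stanza file.
usw_auth_type() {
    awk '
        /^[ \t]*\*/ { next }                       # "*" begins a comment line
        /^[^ \t][^ \t]*:[ \t]*$/ { in_usw = ($1 == "usw:"); next }
        in_usw && /^[ \t]*auth_type[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Print the module types that lack an "xlock <type> required pam_aix" entry.
missing_xlock_types() {
    missing=""
    for mtype in auth account password session; do
        awk -v t="$mtype" '
            /^[ \t]*#/ { next }                    # skip commented-out entries
            $1 == "xlock" && $2 == t && $3 == "required" &&
                ($4 == "pam_aix" || $4 ~ /\/pam_aix$/) { ok = 1 }
            END { exit !ok }' "$1" || missing="${missing:+$missing }$mtype"
    done
    printf '%s\n' "$missing"
}

# Report deviations; $1 = login.cfg path, $2 = pam.conf path.
audit_xlock_pam() {
    rc=0
    at=$(usw_auth_type "$1")
    [ "$at" = "PAM_AUTH" ] || { echo "usw auth_type is '${at:-unset}', expected PAM_AUTH"; rc=1; }
    miss=$(missing_xlock_types "$2")
    [ -z "$miss" ] || { echo "pam.conf lacks xlock entries for: $miss"; rc=1; }
    return "$rc"
}

# Constructed sample: auth_type left at STD_AUTH and the session entry missing.
d=$(mktemp -d)
printf 'usw:\n\tshells = /bin/sh,/bin/ksh\n\tauth_type = STD_AUTH\n' > "$d/login.cfg"
printf 'xlock auth required pam_aix\nxlock account required pam_aix\nxlock password required pam_aix\n' > "$d/pam.conf"
audit_xlock_pam "$d/login.cfg" "$d/pam.conf" || echo "result: not configured as described"
rm -rf "$d"
```

On a real system, run audit_xlock_pam /etc/security/login.cfg /etc/pam.conf from an account with read access to both files.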