Stable
garlock
Screen Locker
A PAM-authenticated screen locker with secure input handling. garlock features background blur, status indicators, and a clean interface while ensuring your passwords are handled securely.
garlock screenshot 1200 × 700
Features
- PAM authentication for secure login
- Secure password handling with zeroize
- X11 keyboard/mouse grabbing
- Configurable background blur
- Caps lock indicator
- Time display on lock screen
- Failed attempt counter
- Grace period support
- Cooldown after failed attempts
- Cairo/Pango rendering for UI
Installation
$
curl -fsSL https://gar.dev/install.sh | bash -s -- --component=garlock Or use the universal installer to install all components.
Configuration
config.toml
# ~/.config/garlock/config.toml
[general]
# Grace period before requiring password (seconds)
grace_period = 5
# PAM service name
pam_service = "garlock"
# Max failed attempts before cooldown
max_attempts = 3
# Cooldown after max attempts (seconds)
cooldown_seconds = 30
[background]
# Blur radius for background screenshot
blur_radius = 25.0
# Brightness adjustment (0.0 - 1.0)
brightness = 0.6
# Or use a static image
# image = "~/.config/garlock/background.png"
[indicator]
# Show caps lock state
show_caps_lock = true
# Show failed attempt count
show_failed_attempts = true
# Show current time
show_time = true
time_format = "%H:%M"
# Colors
background = "#14171e"
foreground = "#abb2bf"
error = "#e06c75"
success = "#98c379"Usage
$ garlock # Lock the screen immediately
Bind garlock to a key in your gar configuration:
gar.key({ gar.mod, "Escape", gar.spawn("garlock") }) PAM Configuration
garlock requires a PAM configuration file at /etc/pam.d/garlock:
/etc/pam.d/garlock
#%PAM-1.0
auth include system-auth
account include system-authThe installer creates this file automatically.
Security
- Passwords are zeroed from memory immediately after use
- X11 input is grabbed to prevent bypassing
- Uses the same PAM stack as your system login