I need to authenticate a user against
https://login.microsoftonline.com. To this point, I have written a small
python script that makes use of adal module to do such task. When run
from command line, the sequence is
1) The script performs a request to login.microsoftonline.com and
produces a URL and a code on the terminal. Then, it stalls.
2) The user points its browser to that URL, introduces the code, and
3) The script receives an authentication result and return either 0
(for authentication OK) or 1 (for authentication not OK).
I want to integrate this script with sshd login, by using pam_exec. In
/etc/pam.d/sshd I have in the first line:
auth sufficient pam_exec.so stdout /usr/bin/login.py
What I would expect to happen is that the remote user logs into SSH,
receives the URL and code back, and (after successful authentication) it
provides a terminal to the machine.
However, what happens is that all the messages printed out by the script
are not put on the line until the script has finished (in which moment
the URL is not valid anymore). Furthermore, I do know this is not a
problem with python: If I substitute the script by a simple "Hello
world" program, I get 'Hello world' on the ssh client. However, if I add
a sleep(60) after the printf("Hello world"); I get nothing when the ssh
client establishes the connection but only when the program finishes
(so, after 60 seconds).
Does anybody know if this is suppose to work like this, when stdout is
used? Should I flush any kind of buffer from the program/python script?
I have been looking at this for some time now, and I have no clear idea
on what the problem might be.
"Don't believe what you're told. Double check."
Pam-list mailing list