Question about pam_exec module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I need to authenticate a user against https://login.microsoftonline.com. To this point, I have written a small python script that makes use of adal module to do such task. When run from command line, the sequence is

1) The script performs a request to login.microsoftonline.com and produces a URL and a code on the terminal. Then, it stalls. 2) The user points its browser to that URL, introduces the code, and authenticates itself. 3) The script receives an authentication result and return either 0 (for authentication OK) or 1 (for authentication not OK).

I want to integrate this script with sshd login, by using pam_exec. In /etc/pam.d/sshd I have in the first line:

   auth sufficient pam_exec.so stdout /usr/bin/login.py

What I would expect to happen is that the remote user logs into SSH, receives the URL and code back, and (after successful authentication) it provides a terminal to the machine.

However, what happens is that all the messages printed out by the script are not put on the line until the script has finished (in which moment the URL is not valid anymore). Furthermore, I do know this is not a problem with python: If I substitute the script by a simple "Hello world" program, I get 'Hello world' on the ssh client. However, if I add a sleep(60) after the printf("Hello world"); I get nothing when the ssh client establishes the connection but only when the program finishes (so, after 60 seconds).

Does anybody know if this is suppose to work like this, when stdout is used? Should I flush any kind of buffer from the program/python script? I have been looking at this for some time now, and I have no clear idea on what the problem might be.

Thank you!

--
Felix Rubio
"Don't believe what you're told. Double check."

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list



[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux