Pam_exec.so PAM module does not export variable PAM_USER as stated in the documentation

authentication pam shell-scripting unix

I'm trying to use the pam_exec.so PAM module to execute a script which needs to know the username/password coming from the application (OpenVPN in this case).

I have a script that executes printenv >>afile, but I don't see all the environment variables that the man page states that pam_exec.so exports (namely PAM_USER, I think). I only see the following:

PAM_SERVICE=openvpn
PAM_TYPE=auth
PWD=/usr/local/openvpn/bin
SHLVL=1
A__z="*SHLVL

I do successfully pick up the password off of STDIN and output it with this same script. But for the life of me I can't get the username.

Any thoughts on what I should try next?

Best Answer

If you set key-value pairs with the plugin "openvpn-plugin-auth-pam.so" like this:

plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so "openvpn mykey myval login COMMONNAME"

then it doesn't set PAM_USER (because it calls pam_start with user=NULL). Maybe that's your problem?
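A fail-closed pre-check for a pam_exec hook, covering the case described in the answer where PAM_USER never reaches the script. This is an added example, not part of the original question or answer; the function names, reason codes and username character policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Meant to be the first step of a
# script run by pam_exec.so; names, reason codes and the username policy
# below are assumptions made for illustration.

# Report which of the PAM items pam_exec documents are present.
# Only set/MISSING is printed, and stdin (the password) is never read.
pam_env_report() {
    for name in PAM_SERVICE PAM_TYPE PAM_USER PAM_RUSER PAM_RHOST PAM_TTY; do
        eval "val=\${$name-}"          # name comes from the fixed list above
        if [ -n "$val" ]; then
            printf '%s=set ' "$name"
        else
            printf '%s=MISSING ' "$name"
        fi
    done
}

# Return 0 only when the environment is usable for an auth decision.
check_pam_env() {
    # Only act in the auth stack.
    [ "${PAM_TYPE:-}" = "auth" ] || return 2
    # Empty when the application called pam_start with user=NULL.
    [ -n "${PAM_USER:-}" ] || return 3
    # Refuse usernames outside a conservative character set (assumed policy).
    case "$PAM_USER" in
        *[!A-Za-z0-9._@-]*) return 4 ;;
    esac
    return 0
}

# Gate for the hook: a non-zero return means the script should exit non-zero
# so that a missing username is a failure, never a silent pass.
pam_gate() {
    rc=0
    check_pam_env || rc=$?
    if [ "$rc" -eq 0 ]; then
        return 0
    fi
    printf 'pam-hook: refusing (reason %s): %s\n' "$rc" "$(pam_env_report)" >&2
    return 1
}

# In the hook script itself, before any credential handling:
#   pam_gate || exit 1
```

Unlike dumping the whole environment with printenv, the report names only the PAM items and never records their values.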
