I'm trying to use the pam_exec.so PAM module to execute a script which needs to know the username/password coming from the application (OpenVPN in this case).
I have a script that executes printenv >>afile, but I don't see all the environment variables that the man page states that pam_exec.so exports (namely PAM_USER, I think). I only see the following:
PAM_SERVICE=openvpn
PAM_TYPE=auth
PWD=/usr/local/openvpn/bin
SHLVL=1
A__z="*SHLVL
I do successfully pick up the password off of STDIN and output it with this same script. But for the life of me I can't get the username.
Any thoughts on what I should try next?
If you set key-value pairs with the plugin "openvpn-plugin-auth-pam.so" like this:
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so "openvpn mykey myval login COMMONNAME"
then it doesn't set PAM_USER (because it calls pam_start with user=NULL), maybe that's your problem?
What distribution are you using? RHEL and CentOS use pam 0.99. There's currently a bug open for this issue (https://bugzilla.redhat.com/show_bug.cgi?id=554518) but I believe they're just using an ancient version of PAM.
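Added example, not part of the original thread: a fail-closed preflight script for pam_exec.so that logs which of the PAM_* variables are present (names only, never values) and denies the request when PAM_USER is missing, the condition discussed above. The script path, the `--run` argument, the `pam-preflight` log tag and the allowed user-name character set are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical script, not from the thread).
# Assumed PAM line, placed before the real credential check:
#   auth requisite pam_exec.so /usr/local/sbin/pam-preflight.sh --run

# Variables documented in pam_exec(8); PAM_USER is the one missing in the question.
PAM_VARS="PAM_USER PAM_SERVICE PAM_TYPE PAM_RHOST PAM_RUSER PAM_TTY"

# Print one "NAME=set" or "NAME=unset" line per variable. Values are never printed.
pam_env_report() {
    for name in $PAM_VARS; do
        # eval is safe here: $name only ever comes from the fixed list above.
        eval "val=\${$name:-}"
        if [ -n "$val" ]; then echo "$name=set"; else echo "$name=unset"; fi
    done
}

# Return 0 only when this is an auth request that carries a usable user name.
pam_env_ok() {
    [ "${PAM_TYPE:-}" = "auth" ] || return 2   # called from another stack type
    [ -n "${PAM_USER:-}" ] || return 3         # caller started PAM without a user
    case "$PAM_USER" in
        *[!A-Za-z0-9._@-]*) return 4 ;;        # assumed policy: reject other characters
    esac
    return 0
}

main() {
    # Record the variable state in syslog instead of dumping printenv to a file.
    pam_env_report | tr '\n' ' ' | logger -t pam-preflight
    rc=0
    pam_env_ok || rc=$?
    if [ "$rc" -ne 0 ]; then
        logger -t pam-preflight "denying request: preflight check failed with code $rc"
    fi
    exit "$rc"   # a non-zero exit makes pam_exec fail, so the stack denies the login
}

# Run the checks only when invoked with --run, as in the assumed PAM line.
if [ "${1:-}" = "--run" ]; then
    main
fi
```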