pam-python doesn't send output back to the user during authentication process

Question

pam-python doesn't send output to the user when executing a script, only when the script completes. The example below simulates instructions to users and some api calls to complete the process. There is no user interaction. The output is only sent to the user when the script completes.

import sys
import time

def pam_sm_authenticate(pamh, flags, argv):
    try:
        # simulate sending instructions (10 lines) to the user, which needs to be displayed
        for i in range(10):
            msg = pamh.Message(pamh.PAM_TEXT_INFO, 'Some important information')
            pamh.conversation(msg)

        # simulate doing some api calls to conclude the authentication process
            for i in range(5):
                msg = pamh.Message(pamh.PAM_TEXT_INFO, 'Some important information')
                pamh.conversation(msg)
                time.sleep(1)
    except Exception as e:
        print(f"Exception occurred: {e}")
        return 1

    return 0

def pam_sm_setcred(pamh, flags, argv):
    return 0 

auth    requisite   /lib/x86_64-linux-gnu/security/pam_python3.so /lib/x86_64-linux-gnu/security/test.py
#

Interesting side note on Ubuntu 24.04.1 LTS, it sends the output twice to the user ?!

Answer 1

I think a few notes and examples can help you.

1. "Return 0" - it is error! Pam uses her own variables. Next code for example https://github.com/Ralnoc/pam-python/blob/master/examples/pam_deny.py
2. Send message. Show example for it https://pam-python.sourceforge.net/examples/pam_nologin.py
3. Selecting the verification stage.Have you selected the "auth requisite" verification stage correctly? Our actions can be performed at 4 stages: account,auth,password,session

login account requisite pam_python.so pam_accept.py
login auth requisite pam_python.so pam_accept.py
login password requisite pam_python.so pam_accept.py
login session requisite pam_python.so pam_accept.py