Hello all. I am trying to implement the pam_script.so method of Novell client single sign-on on SLED10 SP2 and NCL 2.0 SP1. All goes well, except the $PAM_AUTHTOK PAM variable does not pass the password as I think it should.

My /etc/security/onauth script goes as follows:

# Pulls in the username and assigns it to the variable USER.
. /etc/sysconfig/novell-singlelogin
# LDAP searches for the context of the user and stores it in a variable called FQN
FQN=`ldapsearch -h "$LDAPSERVER" -x "cn=$USER" objectclass=dn | grep ^dn | sed -e "s/^dn: cn=$USER,//i" -e "s/ou=//g" -e "s/o=//g" -e "s/,/./g"`
if test -z "$FQN"; then
    echo "`date` ldap user not found" >> /tmp/onauth
else
    # Logs in the user to eDirectory but does not map the drives. The drives are mapped in the session script.
    # Debug line: this writes the clear-text password to /tmp/onauth.
    echo "`date` -t $TREE -u $USER -c $FQN -p $PAM_AUTHTOK" >> /tmp/onauth
    /opt/novell/ncl/bin/nwlogin -t "$TREE" -u "$USER" -c "$FQN" -p "$PAM_AUTHTOK"
fi

The $PAM_AUTHTOK variable is always blank. It should, however, contain the user password. My /etc/pam.d/gdm script looks like this:

auth include common-auth
auth required pam_micasa.so
auth sufficient pam_script.so expose=1
auth required pam_ncl_autologin.so
account sufficient pam_nam.so
account include common-account
password sufficient pam_nam.so
password include common-password
session include common-session
session optional pam_nam.so
session required pam_script.so expose=1
session required pam_devperm.so
session required pam_resmgr.so
session required pam_ncl_autologin.so

And my /etc/security/pam_unix2.conf is as follows:

auth: call_modules=nam

If I hardcode the user password in place of $PAM_AUTHTOK, the onauth pam_script.so script works just fine; it just will not pick up a password despite the expose=1 on the pam_script.so module.

Anyone have any ideas or pointers on this one?