Question about pam_exec module

[Felix Rubio]

Hi,

    I need to authenticate a user against 
https://login.microsoftonline.com. To this point, I have written a small 
python script that makes use of adal module to do such task. When run 
from command line, the sequence is

    1) The script performs a request to login.microsoftonline.com and 
produces a URL and a code on the terminal. Then, it stalls.
    2) The user points its browser to that URL, introduces the code, and 
authenticates itself.
    3) The script receives an authentication result and return either 0 
(for authentication OK) or 1 (for authentication not OK).

I want to integrate this script with sshd login, by using pam_exec. In 
/etc/pam.d/sshd I have in the first line:

    auth sufficient pam_exec.so stdout /usr/bin/login.py

What I would expect to happen is that the remote user logs into SSH, 
receives the URL and code back, and (after successful authentication) it 
provides a terminal to the machine.

However, what happens is that all the messages printed out by the script 
are not put on the line until the script has finished (in which moment 
the URL is not valid anymore). Furthermore, I do know this is not a 
problem with python: If I substitute the script by a simple "Hello 
world" program, I get 'Hello world' on the ssh client. However, if I add 
a sleep(60) after the printf("Hello world"); I get nothing when the ssh 
client establishes the connection but only when the program finishes 
(so, after 60 seconds).

Does anybody know if this is suppose to work like this, when stdout is 
used? Should I flush any kind of buffer from the program/python script? 
I have been looking at this for some time now, and I have no clear idea 
on what the problem might be.

Thank you!

-- 
Felix Rubio
"Don't believe what you're told. Double check."