From 099f576f3086446cf9fcb40fbc10f9bdffefa762 Mon Sep 17 00:00:00 2001
From: decentral1se <lukewm@riseup.net>
Date: Wed, 29 Sep 2021 09:49:25 +0200
Subject: [PATCH] feat: better logging for pam logic

---
 abra.sh            | 2 +-
 entrypoint.sh.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/abra.sh b/abra.sh
index f1d97e4..1f13e83 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,4 +1,4 @@
-export CUSTOM_ENTRYPOINT_VERSION=v2
+export CUSTOM_ENTRYPOINT_VERSION=v3
 export OIDC_CONF_VERSION=v1
 export PAM_EXEC_OAUTH2_YAML_VERSION=v1
 export PAM_SCRIPT_AUTH_VERSION=v1
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 68c3d87..a7a6bdf 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -31,8 +31,8 @@ echo 'auth-openid-base-uri=https://{{ env "DOMAIN" }}' >> /etc/rstudio/rserver.c
 
 {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
 apt install -y libpam-script
-echo 'auth sufficient pam_exec.so expose_authtok /opt/pam-exec-oauth2/pam-exec-oauth2' >> /etc/pam.d/common-auth
-echo 'auth optional pam_script.so' >> /etc/pam.d/common-auth
+echo 'auth required pam_exec.so debug expose_authtok log=/tmp/pam_exec.log /opt/pam-exec-oauth2/pam-exec-oauth2 --debug' >> /etc/pam.d/common-auth
+echo 'auth required pam_script.so' >> /etc/pam.d/common-auth
 mkdir -p /opt/pam-exec-oauth2/
 wget https://github.com/WASHNote/pam-exec-oauth2/releases/download/v0.0.1/pam-exec-oauth2 -O /opt/pam-exec-oauth2/pam-exec-oauth2
 chmod +x /opt/pam-exec-oauth2/pam-exec-oauth2