diff --git a/pam_script_auth.sh b/pam_script_auth.sh
index e62a1e8..113a6e0 100755
--- a/pam_script_auth.sh
+++ b/pam_script_auth.sh
@@ -1,4 +1,12 @@
 #!/bin/bash
-if ! id "$PAM_USER" &>/dev/null; then
-	adduser $PAM_USER --disabled-password --quiet --gecos ""
+
+if [ -z "$PAM_USER" ]; then
+	echo "did not receive PAM_USER env var"
+	exit 1
 fi
+
+if ! id "$PAM_USER" &>/dev/null; then
+	adduser "$PAM_USER" --disabled-password --quiet --gecos ""
+fi
+
+exit 0