I've recently migrated from Apache/mod-auth-external to using nginx/auth_pam/auth_pam_script.

My Debian wheezy package pam_script_auth is occaisionally hanging (getting zombie processes). It' adapted from a long running one that I used under load via Apache mod-auth-external) to call a REST API authentication method on a different app on the same machine.

I'm having difficulty reproducing the error condition as script works fine on command line and only occasionally hangs. But when this happens, I then get a number of hung pam_script_auth scripts up to the number of worker processes available to the local app (uwsgi).

Any suggestions?

Below is a summary of what is in the pam_script_auth

def main():
        try:
                username = os.environ["PAM_USER"]
                password = os.environ["PAM_AUTHTOK"]    
        except KeyError:
                username = raw_input("Enter your username: ")
                password= raw_input("Enter your password: ")
        conn = httplib.HTTPConnection(HOST)
        <construct HTTP API authentication call>
        r1 = conn.getresponse()
        data1 = r1.read()
        conn.close()
        if data1 != 'true':
                logging.error("nope")
                sys.exit("invalid auth")

if __name__ == "__main__":
        sys.exit(main())

When you are doing network calls you should build in a timeout since the remote server could be down or what so ever.