1 files changed, 7 insertions, 2 deletions

diff --git a/mod_intercept_form_submit.c b/mod_intercept_form_submit.c
index a0a6b00..833b29a 100644
--- a/mod_intercept_form_submit.c
+++ b/mod_intercept_form_submit.c
@@ -78,19 +78,24 @@ int pam_authenticate_conv(int num_msg, const struct pam_message ** msg, struct p
 }
 
 #define _REMOTE_USER_ENV_NAME "REMOTE_USER"
+#define _EXTERNAL_AUTH_ERROR_ENV_NAME "EXTERNAL_AUTH_ERROR"
 int pam_authenticate_with_login_password(request_rec * r, const char * pam_service, char * login, const char * password) {
 	pam_handle_t * pamh = NULL;
 	struct pam_conv pam_conversation = { &pam_authenticate_conv, (void *) password };
 	int ret;
 	if ((ret = pam_start(pam_service, login, &pam_conversation, &pamh)) != PAM_SUCCESS) {
+		const char * strerr = pam_strerror(pamh, ret);
 		ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
-			"mod_intercept_form_submit: PAM transaction failed for service %s: %s", pam_service, pam_strerror(pamh, ret));
+			"mod_intercept_form_submit: PAM transaction failed for service %s: %s", pam_service, strerr);
+		apr_table_setn(r->subprocess_env, _EXTERNAL_AUTH_ERROR_ENV_NAME, apr_pstrdup(r->pool, strerr));
 		pam_end(pamh, ret);
 		return 0;
 	}
 	if ((ret = pam_authenticate(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
+		const char * strerr = pam_strerror(pamh, ret);
 		ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
-			"mod_intercept_form_submit: PAM authentication failed for user %s: %s", login, pam_strerror(pamh, ret));
+			"mod_intercept_form_submit: PAM authentication failed for user %s: %s", login, strerr);
+		apr_table_setn(r->subprocess_env, _EXTERNAL_AUTH_ERROR_ENV_NAME, apr_pstrdup(r->pool, strerr));
 		pam_end(pamh, ret);
 		return 0;
 	}