diff -U3 -r -x .git pam_url/INSTALL pam_url.mod/INSTALL
--- pam_url/INSTALL 2022-01-24 15:34:38.000000000 +0100
+++ pam_url.mod/INSTALL 2022-01-23 04:28:03.000000000 +0100
@@ -1,3 +1,4 @@
+
 To install pam_url type:
 $ make clean all
 $ su -c "make install"
diff -U3 -r -x .git pam_url/Makefile pam_url.mod/Makefile
--- pam_url/Makefile 2022-01-24 15:34:38.000000000 +0100
+++ pam_url.mod/Makefile 2022-01-23 04:13:43.000000000 +0100
@@ -34,7 +34,7 @@
 install:
 install -D -m 755 ${obj} ${DESTDIR}/${pamlib}/${obj}
- install -D -m 644 examples/pam_url.conf ${DESTDIR}/etc/pam_url.conf
+ test -s ${DESTDIR}/etc/pam_url.conf || install -D -m 644 examples/pam_url.conf ${DESTDIR}/etc/pam_url.conf
 uninstall:
 rm -f ${DESTDIR}/${pamlib}/${obj}
Only in pam_url.mod/examples: myauth.php
diff -U3 -r -x .git pam_url/examples/pam_url.conf pam_url.mod/examples/pam_url.conf
--- pam_url/examples/pam_url.conf 2022-01-24 15:34:38.000000000 +0100
+++ pam_url.mod/examples/pam_url.conf 2022-01-23 16:20:42.000000000 +0100
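Review bot: `test -s` treats an existing but empty `${DESTDIR}/etc/pam_url.conf` as absent and overwrites it with the example, which is probably not what an administrator who deliberately blanked the file expects; `test -e ${DESTDIR}/etc/pam_url.conf || install -D -m 644 examples/pam_url.conf ${DESTDIR}/etc/pam_url.conf` preserves any existing file. A one-line comment above the recipe line, `# never clobber an existing site config; the example is only a starting point`, would document the intent of the guard.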
@@ -4,21 +4,21 @@
 {
 settings:
 {
- url = "https://totp.example.com/"; # URI to fetch
+ url = "https://magrf.grf.hr/cgi-bin/myauth.php"; # URI to fetch
 returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
 userfield = "user"; # userfield name to send
- passwdfield = "token"; # passwdfield name to send
+ passwdfield = "pass"; # passwdfield name to send
 extradata = "&do=login"; # extra data to send
- prompt = "Token: "; # password prompt
+ # prompt = "Token: "; # password prompt
 };
 ssl:
 {
 verify_peer = true; # Verify peer?
 verify_host = true; # Make sure peer CN matches?
- client_cert = "/etc/pki/tls/certs/totpcgi.crt"; # Client-side certificate
- client_key = "/etc/pki/tls/private/totpcgi.pem"; # Client-side key
- ca_cert = "/etc/pki/tls/certs/ca-bundle.crt"; # ca cert - defaults to ca-bundle.crt
+ client_cert = "/etc/apache2/certs/magrf_grf_hr_cert_20220109.pem"; # Client-side certificate
+ client_key = "/etc/apache2/certs/private/magrf_grf_hr_20220109.key"; # Client-side key
+ ca_cert = "/etc/apache2/certs/SectigoCA_20220109.pem"; # ca cert - defaults to ca-bundle.crt
 };
 };
Only in pam_url.mod/examples: pluto.pam
diff -U3 -r -x .git pam_url/pam_url.c pam_url.mod/pam_url.c
--- pam_url/pam_url.c 2022-01-24 15:34:38.000000000 +0100
+++ pam_url.mod/pam_url.c 2022-01-23 22:02:54.000000000 +0100
@@ -9,6 +9,8 @@
 size_t recvbuf_size = 0;
 static config_t config;
+bool pam_url_debug;
+
 void debug(pam_handle_t* pamh, const char *msg)
 {
 pam_syslog(pamh, LOG_ERR, "%s", msg);
@@ -21,7 +23,10 @@
 int prompt_len = 0;
 if(config_lookup_string(&config, "pam_url.settings.prompt", &prompt) == CONFIG_FALSE)
- prompt = DEF_PROMPT;
+ // if there is no password prompt in the config file, assume passwordless auth
+ // (like when using a service with certs) -- mtodorov, 20220123
+ return PAM_SUCCESS;
+ // prompt = DEF_PROMPT;
 pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &p, "%s", prompt);
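Review bot: The example configuration now carries one deployment's real hostname (`magrf.grf.hr`) and its certificate, key and CA paths in place of the `example.com` placeholders, and since the Makefile copies `examples/pam_url.conf` to `/etc/pam_url.conf` when none exists, a fresh install will try to authenticate against that host; the shipped example should keep placeholder values and the site-specific copy should live outside the repository. Commenting out `prompt` also makes the example depend on the new no-prompt path in pam_url.c without saying so, so a comment such as `# omit 'prompt' only for certificate-only services: the module will then not ask for a password at all` next to the commented line would tell an administrator what leaving it out means.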
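Review bot: The added `return PAM_SUCCESS;` turns a missing `pam_url.settings.prompt` key into a no-password mode, so an omitted or mistyped key, rather than an explicit setting, changes what the module accepts, and the function now leaves before `pam_prompt` runs, so whatever the caller expects this routine to have filled in (`p` is never assigned on this path) is left untouched. An explicit opt-in such as a boolean setting read with `config_lookup_bool` would keep the current `prompt = DEF_PROMPT;` fallback for the missing-key case, and the `// prompt = DEF_PROMPT;` dead line and the signed trailer in the comment should be dropped. The enclosing function starts outside the hunk.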
@@ -268,6 +273,8 @@
 if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_WRITEFUNCTION, curl_wf) )
 goto curl_error;
+ debug(pamh, opts.url);
+
 if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_URL, opts.url) )
 goto curl_error;
@@ -311,6 +318,9 @@
 if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_FAILONERROR, 1) )
 goto curl_error;
+ debug(pamh, getenv("PATH"));
+ // debug(pamh, getenv("LD_LIBRARY_PATH"));
+
 if( CURLE_OK != curl_easy_perform(eh) )
 goto curl_error;
diff -U3 -r -x .git pam_url/pam_url.h pam_url.mod/pam_url.h
--- pam_url/pam_url.h 2022-01-24 15:34:38.000000000 +0100
+++ pam_url.mod/pam_url.h 2022-01-23 16:11:18.000000000 +0100
@@ -29,7 +29,7 @@
 #endif
 #include
-#ifndef __CURL_CURL_H
+#ifndef CURLINC_CURL_H
 #error libcurl headers not found on this system. Giving up.
 #endif
@@ -83,7 +83,9 @@
 #define DEF_PROMPT "Password: "
 #endif
-bool pam_url_debug;
+#define DEBUG
+
+extern bool pam_url_debug;
 typedef struct pam_url_opts_ {
 const char *url;
diff -U3 -r -x .git pam_url/pam_url_authenticate.c pam_url.mod/pam_url_authenticate.c
--- pam_url/pam_url_authenticate.c 2022-01-24 15:34:38.000000000 +0100
+++ pam_url.mod/pam_url_authenticate.c 2022-01-23 04:34:05.000000000 +0100
@@ -2,6 +2,8 @@
 #include "pam_url.h"
+extern char *recvbuf;
+
 PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 // by now, a dummy
 return PAM_SUCCESS;
@@ -53,8 +55,11 @@
 if( PAM_SUCCESS != check_rc(opts) )
 {
+ char *debugmsg = NULL;
+ asprintf(&debugmsg, "Wrong Return Code: opts.ret_code=%s, recvbuf=%s", opts.ret_code, recvbuf);
 ret++;
- debug(pamh, "Wrong Return Code.");
+ debug(pamh, debugmsg);
+ free(debugmsg);
 }
 cleanup(&opts);
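Review bot: `debug(pamh, getenv("PATH"))` in the @@ -311 hunk hands the getenv() result straight to `debug()`, which, as far as the pam_url.c hunk at line 9 shows, forwards it to `pam_syslog(pamh, LOG_ERR, "%s", msg)`; when PATH is not set in the calling process getenv returns NULL and `%s` with a NULL argument is undefined behaviour. Both this call and `debug(pamh, opts.url);` in the @@ -268 hunk run on every authentication at LOG_ERR whether or not `pam_url_debug` is set, so the module's environment and target URL land in syslog as errors; `if( pam_url_debug ) { const char *path = getenv("PATH"); debug(pamh, path ? path : "(PATH unset)"); }` gates and guards it, and the same gate fits the URL call. The commented-out LD_LIBRARY_PATH line should be removed rather than kept. The enclosing function starts and ends outside both hunks.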
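Review bot: Switching the guard check from `__CURL_CURL_H` to `CURLINC_CURL_H` makes the `#error` fire on systems whose libcurl headers still use the older `__CURL_CURL_H` guard, since the two names belong to different libcurl releases; `#if !defined(CURLINC_CURL_H) && !defined(__CURL_CURL_H)` keeps the sanity check working with either. A comment on that line, `/* libcurl renamed its include guards; accept both spellings */`, would explain why both are tested.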
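Review bot: An unconditional `#define DEBUG` in the shared header enables whatever DEBUG controls for every build, including the module that gets installed, with no way to turn it off short of editing the header; a build-time switch (`CFLAGS += -DDEBUG` in the Makefile, or wrapping the define in `#ifndef DEBUG`) keeps release builds quiet. If DEBUG gates the `debug()` calls elsewhere (not visible here), that helper logs at LOG_ERR, so shipping it on means routine authentications show up as errors in syslog.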
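Review bot: The new `asprintf` call is unchecked, and on failure glibc leaves `debugmsg` unspecified, so the following `debug(pamh, debugmsg)` and `free(debugmsg)` may act on garbage; `recvbuf` can also still be NULL when no body was received (`recvbuf_size` starts at 0 in pam_url.c), and `%s` with a NULL argument is undefined behaviour. The message also copies the raw remote response body, unbounded and unfiltered, into syslog at LOG_ERR on every rejected login, so it should be length-limited and, given it is debug output, gated on `pam_url_debug`; control characters in the body would still need stripping before they reach the log. `extern char *recvbuf;` from the first hunk belongs in pam_url.h beside `extern bool pam_url_debug;` rather than in this .c file. The enclosing function starts and ends outside the hunk.
```c
	if( PAM_SUCCESS != check_rc(opts) )
	{
		ret++;
		char *debugmsg = NULL;
		/* %.256s bounds how much of the remote body reaches syslog */
		if( asprintf(&debugmsg, "Wrong Return Code: opts.ret_code=%s, recvbuf=%.256s",
		             opts.ret_code, recvbuf ? recvbuf : "(null)") < 0 )
			debugmsg = NULL;
		debug(pamh, debugmsg ? debugmsg : "Wrong Return Code.");
		free(debugmsg);
	}
```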