I'm interested in writing a PAM module that would make use of a popular authentication mechanism for Unix logins. Most of my past programming experience has been in Python, and the system I'm interacting with already has a Python API. I googled around and found pam_python, which allows PAM modules to invoke the python intrepreter, therefore allowing PAM modules to be written essentially in Python.
However, I've read that there are security risks when allowing a user to invoke Python code that runs with a higher access level than the user itself, such as SUID Python scripts. Are these concerns applicable to a Python PAM module as well?