diff --git a/misc/pam_authentication/pam_authentication.c b/misc/pam_authentication/pam_authentication.c
index 906af84295829d1956175518f9fbfa9ef422f851..4abef5bddb2a6c11ecefdcc8a1bf9179835bca84 100644
--- a/misc/pam_authentication/pam_authentication.c
+++ b/misc/pam_authentication/pam_authentication.c
@@ -25,6 +25,16 @@
 // Pam Authentication
 // A. Schlemmer, 07/2018
 
+/*
+Note: This program needs sufficient right to authenticate against anyone but
+oneself.  This can be done for example by changing the effective group id:
+
+```
+$ ls -l bin
+-rwxrwsrwx 1 root shadow 16992 Apr 28 07:45 pam_authentication
+```
+*/
+
 #include <stdbool.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -68,16 +78,18 @@ bool get_password(char *filename) {
   // With code from https://stackoverflow.com/a/1196696/232888
   // by user https://stackoverflow.com/users/89266/dfa
   struct termios backup, secret_setting;
-
+  bool is_tty = isatty(fileno(stdin));
   /* disable echo */
-  tcgetattr(fileno(stdin), &backup);
-  secret_setting = backup;
-  secret_setting.c_lflag &= ~ECHO;
-  secret_setting.c_lflag |= ECHONL;
-
-  if (tcsetattr(fileno(stdin), TCSANOW, &secret_setting) != 0) {
-    perror("Setting echo-less output flags failed.");
-    return EXIT_FAILURE;
+  if (is_tty) {
+    tcgetattr(fileno(stdin), &backup);
+    secret_setting = backup;
+    secret_setting.c_lflag &= ~ECHO;
+    secret_setting.c_lflag |= ECHONL;
+
+    if (tcsetattr(fileno(stdin), TCSANOW, &secret_setting) != 0) {
+      perror("Setting echo-less output flags failed.");
+      return EXIT_FAILURE;
+    }
   }
 
   FILE *pwfile;
@@ -85,7 +97,9 @@ bool get_password(char *filename) {
     pwfile = fopen(filename, "r");
     if (pwfile == NULL) {
       perror(filename);
-      tcsetattr(fileno(stdin), TCSANOW, &backup);
+      if (is_tty) {
+        tcsetattr(fileno(stdin), TCSANOW, &backup);
+      }
       return false;
     }
   } else {
@@ -101,9 +115,10 @@ bool get_password(char *filename) {
   password[pwlen - 1] = 0;
 
   /* restore terminal settings */
-  if (tcsetattr(fileno(stdin), TCSANOW, &backup) != 0) {
-    perror("Resetting output flags failed.");
-    return EXIT_FAILURE;
+  if (is_tty) {
+    if (tcsetattr(fileno(stdin), TCSANOW, &backup) != 0) {
+      perror("Resetting output flags failed.");
+    }
   }
 
   return true;
@@ -133,9 +148,13 @@ int main(int argc, char **argv) {
     fprintf(stderr, "Error in starting pam authentication.\n");
     return 2;
   }
-
+  /* printf("\n>%s<\n", password);  // Warning: this prints the password! */
   res = pam_authenticate(pamh, 0);
-  // printf("Return code %i: %s\n", res, pam_strerror(pamh, res));
+
+/* printf("PAM_AUTH_ERR: %i\n\ */
+/* PAM_CRED_INSUFFICIENT: %i\n\ */
+/* PAM_AUTHINFO_UNAVAIL: %i\n", PAM_AUTH_ERR, PAM_CRED_INSUFFICIENT, PAM_AUTHINFO_UNAVAIL); */
+/*   printf("Return code (success=%i) %i: %s\n", PAM_SUCCESS, res, pam_strerror(pamh, res)); */
   free(password);
   
   return res;