diff --git a/src/config.rs b/src/config.rs
index c6e4ee0503dcbbba36414c0e78625fa993de6132..7d3045919908b3b465d30e8f1c8c48f9c6430494 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -15,29 +15,28 @@
 
 extern crate config;
 
-fn load_config(config_file: String) -> config::Config {
-    let mut conf = config::Config::default();
+const DEFAULT_CONFIG_FILE: &str = "/etc/nss_pam_oidc";
 
+pub fn get_config(conf_args: Option<config::Config>) -> config::Config {
+    // Preset default configuration
+    let mut conf = config::Config::default();
     conf.set("pam.flow", "password").ok();
 
-    conf
-        .merge(config::File::with_name(&config_file)).unwrap()
-        .merge(config::Environment::with_prefix("NSS_PAM_OIDC")).unwrap();
+    // Unwrap passed arguments or use empty fallback
+    let conf_args = conf_args.unwrap_or_default();
 
-    return conf;
-}
+    // Determine config file from args if provided and load config file
+    let config_file = match conf_args.get_str("config") {
+        Ok(filename) => filename.to_string(),
+        Err(_) => DEFAULT_CONFIG_FILE.to_string(),
+    };
+    conf.merge(config::File::with_name(&config_file)).ok();
 
-pub fn get_config(conf_args: config::Config) -> config::Config {
-    let config_file: String;
-    let config_file_passed = conf_args.get_str("config");
-    if config_file_passed.is_ok() {
-        config_file = config_file_passed.unwrap().to_string();
-    } else {
-        config_file = "/etc/nss_pam_oidc".to_string();
-    }
+    // Override configuration from environment variables
+    conf.merge(config::Environment::with_prefix("NSS_PAM_OIDC")).ok();
 
-    let mut conf = load_config(config_file);
-    conf.merge(conf_args).unwrap();
+    // Override configuration from args passed on module loading (e.g. args in PAM stack)
+    conf.merge(conf_args).ok();
 
     return conf;
 }
diff --git a/src/pam.rs b/src/pam.rs
index 5edea9f3ebf02246e066d03858fb2e75c5d1df2c..2200ee315f2934b8e1167d637af27a79000f1f1d 100644
--- a/src/pam.rs
+++ b/src/pam.rs
@@ -138,7 +138,7 @@ fn do_legacy_auth(username: String, password: String, config: Config) -> Result<
 
 fn pam_sm_prepare(argv: &Vec<String>) -> Config {
     let conf_args = argv_to_config(argv);
-    let conf = get_config(conf_args);
+    let conf = get_config(Some(conf_args));
 
     let mut log_level = log::LevelFilter::Error;
     if conf.get_bool("debug").unwrap_or_default() || conf.get_bool("pam.debug").unwrap_or_default() {