Has there been any discussion about making available a standard login module that allows authentication against PAM on platforms that support it? The systems I develop for have already have extensive lockdown applied using pam and sssd using guidance based on UNIX STIG. Since the system communicates with ldap via ssl already it seems like having wildfly be able to leverage this for authentication is a no-brainer.
I've developed a rough loginmodule implementation that extends from Picketbox's abstract login module that will mostly do this. I've not worked out all of the issues yet but it's mostly working, aside from having roles passed all the way though to ejb invocation. It's leveraging libpam4j to authenticate against the local pam configuration.
Any thoughts about having a module like this be a standard part of wildfly?