I'm not for sure if this is what you want, but I ran across these various login modules the other day...
if nothing else, the unixloginmodule.java should be a good starting point.
Originally I thought those would do the trick, but it turns out that it's only useful for client-side apps... it will attempt to log you in with the 'current user', which means whatever user is configured to run JBoss on the server... not a very good way to secure a website, unfortunately...
I did find a package called ShadowJAAS (http://www.bablokb.de/jaas/), which reads the Linux shadow passwords, and works for server-side apps... I can't get it to work unless I run JBoss or Tomcat as the 'root' user, though, which I'm not about to do... It actually has a bit of native code to do the reading, to take care of exactly the problem that I'm having with it, but it doesn't seem to work (even running it's test manually)... Does anyone have any experience with this?