You will have to write your own login module to do the os specific integration as there is no existing one I am aware of.
I am looking to use the Linux OS for authentication as well.
Mrchucho, were you successful at implementing this?
Actually, I finally was successful. I've been meaning to write up an explanation, but here it is in a nutshell:
1) use SysAuth: http://www.scribblin.gs/software/sysauth.html
2) implement your own subclass of UsernamePasswordLoginModule calling SysAuth's isAllowed method
This assumes you want to use PAM and JBoss's built-in security. I will try and put together some more detailed instructions, because I know that none exist.
I'd appreciate any write up that you come up with. I can guarantee you several others will be interested in the same solution.
I will start reading up on SysAuth.
Sorry it took so long, but I've posted the initial draft of my JBoss Linux Authentication HOWTO.
I'm going to try putting together some of the links I used to figure all this out and maybe organize things better, but in the meantime check it out and let me know if it works/makes sense/helps!
Excellent. Thanks for writing this up. I will go over it today. I was writing my own JNI C program to use PAM to get to the NIS passwd file. In place of downloading Sysauth. If I can't get mine to work, I may punt and get the Sysauth library.
You should post this on java.sun.com forums as well when finished.
I was writing my own JNI C program to use PAM to get to the NIS passwd file.
SysAuth uses JNI to access PAM. The authentication is then handled like any other PAM module (e.g. ssh, ftp, login, etc.). You might want to save yourself the duplicated effort.
Followup on your write up. I am using
auth required pam_unix.so
in the /etc/pam.d java_auth file.
I decided to use Sysauth but am receiving a PAM library load error in the /var/log/messages file:
unable to opendl (/var/lib/security/pam_unix.so)
Not sure what I missed. Once I get this resolved I should be up and running.
It may depend on your distribution... I would check other files in /etc/pam.d (i.e. grep pam_unix.so *) and see how they do it. You may need to prepend some path info. Also, see my note about stacking:
auth required pam_stack.so service=system-auth
This format may be required in some cases. If you get it working, let me know and I will update my HOWTO.
Got it, my bad. I was using my old JNI-PAM implementation which did not dynamically load the /usr/lib/lib_pam.so library via the dlopen() call. This is needed since PAM does not load the needed shared objects. Once I corrected my links and used the Sysauth stuff, all worked as advertised.
Thanks. Keep your writeup as is. This site should have Duke dollars or Jboss dollars. I owe you.
Is there any way to get the Jboss security POC to add your writeup to the JBoss/JAAS security FAQs?
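The loader behaviour behind the dlopen() fix reported a few posts up, as an added example that is not part of the thread and is not SysAuth's code: a library loaded into local scope does not export its symbols to modules loaded later, and re-opening it with RTLD_GLOBAL does. It assumes glibc on Linux, the soname libpam.so.0, and that the module load failure was a symbol-scope problem (the post only says dlopen() was needed); the function names are hypothetical.

```c
#include <dlfcn.h>
#include <stdio.h>

/* Returns 1 if `sym` resolves in the process-wide (global) symbol scope.
 * A PAM module that libpam dlopen()s resolves libpam's functions there,
 * unless the module itself was linked against libpam. */
int globally_visible(const char *sym)
{
    void *global = dlopen(NULL, RTLD_NOW);  /* main program + RTLD_GLOBAL objects */
    if (global == NULL)
        return 0;
    int found = dlsym(global, sym) != NULL;
    dlclose(global);
    return found;
}

/* Load a library into local scope, as happens to libpam when it arrives
 * only as a dependency of a JNI library (dlopen() defaults to RTLD_LOCAL). */
int load_local(const char *soname)
{
    return dlopen(soname, RTLD_NOW | RTLD_LOCAL) != NULL;
}

/* The fix: open the library again with RTLD_GLOBAL before pam_start() runs.
 * Re-opening an already loaded object promotes it to global scope.
 * Returns 1 on success, 0 (with the loader's reason on stderr) on failure. */
int promote_global(const char *soname)
{
    if (dlopen(soname, RTLD_NOW | RTLD_GLOBAL) == NULL) {
        fprintf(stderr, "dlopen(%s): %s\n", soname, dlerror());
        return 0;
    }
    return 1;
}

int main(void)
{
    const char *pam = "libpam.so.0";        /* assumed soname; adjust per distro */
    if (!load_local(pam)) {
        fprintf(stderr, "%s not installed, nothing to show\n", pam);
        return 0;
    }
    printf("local load:  pam_get_user visible = %d\n", globally_visible("pam_get_user"));
    if (!promote_global(pam))
        return 1;
    printf("after fix:   pam_get_user visible = %d\n", globally_visible("pam_get_user"));
    return 0;
}
```

In a JNI wrapper the promote_global() call belongs in JNI_OnLoad, so it runs before any PAM function is invoked.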