I do have a custom authentication mechanism which is written in Java. I was wondering what would be the best way to implement a Linux PAM module without rewriting the code in C?
I am aware of this list of available PAM modules but none of them are Java-related.
There's also JPam, but it does the opposite thing: it allows getting user/group information for use in a Java app, whereas I need to use existing Java code to authenticate users in Linux (e.g. via SSH).
Any suggestions are welcome.
Have you thought of using pam_exec?
It allows you to run a script for PAM.
e.g. You add something like the following to your PAM config:
```
auth sufficient pam_exec.so expose_authtok /usr/local/bin/myscript-example
```
Here's a simple script that echoes all the vars out, but you could just as easily have it kick off a Java program, passing the needed vars in.
Whether the script succeeds or errors out should control whether the auth is successful or not.
Example Script to reflect all the vars:
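```sh
#!/bin/sh
# pam_exec with expose_authtok supplies the password on stdin.
# -r and an empty IFS keep backslashes and surrounding whitespace intact.
IFS= read -r password
# pam_exec exports these variables for the current PAM transaction.
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
# Demo only: this prints the cleartext password.
echo "Password : $password"
# $? is the status of the last echo (0), so this script always reports success.
exit $?
```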
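As an added example (not code from the answer above), here is a pam_exec wrapper that hands the password to an external verifier on stdin and fails closed on anything unexpected. `VERIFIER` and its path are assumptions: it stands for a launcher of your Java program that takes the user name as its argument, reads one password line from stdin, and exits 0 only on success.

```sh
#!/bin/sh
# Added example: pam_exec wrapper for an external (e.g. Java) verifier.
# VERIFIER is a hypothetical path; point it at your own launcher.
VERIFIER="${VERIFIER:-/usr/local/libexec/java-auth-verify}"

# Accept only conservative account names; reject empty names, names that
# start with "-" (would look like an option) and any other character.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Reads the authtok from stdin (pam_exec expose_authtok) and returns 0
# only if the verifier accepts it. Every other path returns non-zero.
pam_check() {
    # pam_exec sets PAM_TYPE; only handle the auth phase here.
    [ "${PAM_TYPE:-}" = "auth" ] || return 1
    valid_user "${PAM_USER:-}" || return 1

    # read returns non-zero when the input has no trailing newline,
    # but still fills the variable, so ignore its status.
    IFS= read -r password || true
    [ -n "$password" ] || return 1

    # Pass the secret on stdin, never as an argument or environment
    # variable, where other local processes could see it.
    rc=0
    printf '%s\n' "$password" | "$VERIFIER" "$PAM_USER" || rc=$?
    unset password
    return "$rc"
}

# pam_exec always sets PAM_TYPE; without it the file only defines functions.
if [ -n "${PAM_TYPE:-}" ]; then
    pam_check
    exit $?
fi
```

Nothing is echoed back, so the password does not end up in pam_exec's output or logs.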