First, thank you all for writing XWiki. I settled on it after a somewhat exhaustive search, and it (so far) seems like the best overall solution.
I wrote a password authentication module (PAM) bridge from UNIX/Linux systems to XWiki. This module was inspired by, modeled and written after the LDAP module. The use case and mechanism is very similar.
The motivation for this module addresses the need for systems that have a particular PAM configuration and want to use it to authenticate users. This was written because the LDAP module did not consistently function as described in this thread, and I had the same experience with
m0nty where I’d see connection peer resets by the LDAP server:
For those that use the LDAP NSS module, which both authenticate users on the OS itself, using this module allows authentication to XWiki to LDAP via this software.
I have written two project: the first as a general library outside the context of XWiki for others, which uses pwauth to do the PAM authentication. This tool is commonly available on UNIX/Linux machines as a package.
The second package is written as an extension that was heavily borrowed and stolen from the LDAP extension. I tried to get the process and flow as closely as possible to the LDAP module. However, I did cut user and group mapping to simplify it.
Hopefully you won’t say I’ve reinvented the wheel as I looked around quiet a bit and couldn’t find anything similar. Please take a look, and if you want, I’ll push these as jars to Maven Central. I’m also willing to make modifications to make it (more) compat, although I can’t say I have copious amounts to time to make big changes.
Note that I am currently on 10.11.10 as version 11 was not stable for me (perhaps JDK 11 was the issue as I’ve read).
Hope this is useful.
Regards, Paul Landes