I do have a custom authentication mechanism which is written in Java. I was wondering what would be the best way to implement a Linux PAM module without rewriting the code in C?
I am aware of this list of available PAM modules but none of them are Java-related.
There's also JPam but it does the opposite thing: it allows to get user/group information to be used in Java app whereas I need to use existing Java code to authenticate users in Linux (e.g. via SSH).
Any suggestions are welcome.
You could try:
but neither of those ideas seem ideal.
Write a C wrapper to interface with PAM and within the implementation, use JNI to invoke an instance of the JVM.
JVM launching wrappers were very popular when people still wanted to deliver "exe"s that really ran programs in JARs. You'll want to look into what's not normally done with JNI, calling a JVM from a binary executable; unfornately, most JNI instructions focus on calling C code from Java.
A good example of how to create a JVM from C code can be found here. Turning the C code module into a PAM shared object library will take a little work, but it's not likely to be too difficult.
Finally, don't forget that JNI uses and returns Java types for most of it's operations. This means you'll have to read the "C" data types (probably char*) and create Java strings prior to passing them into your JVM. The same is true in reverse for receiving information from Java and passing it back to the PAM libraries.
Good luck!
You can actually get Java to talk to a C stub that in-turn connects to the PAM callbacks. Read up on JNI (Java Native Interface). Mostly JNI is used to expose C to Java, but you can actually do it the other way around. You may also want to investigate GNU CNI as it's actually more convenient to use. There are a lot of resources listed at the Wikipedia JNI page