Authenticate via PAM

Description

We would like to authenticate users with the standard Linux authentication subsystem, PAM. Our installation will authenticate against Active Directory.

PAM authentication on an AD-integrated system has several benefits. AD integration typically uses sssd, which is topology aware, so it should be more resilient to outages or changes in individual AD servers. It will ensure proper encryption and bi-directional authentication for all password related operations. It will properly validate any certificates used in AD. It should also avoid the need for a service account for LDAP binds.

Proposal

Offer PAM as an authentication system.

Links / references

Premium Customers

https://gitlab.my.salesforce.com/00161000004bZxf
https://gitlab.my.salesforce.com/00161000006fkPe