I spent some playing with authentication - and I was stuned to discover that the UnixLoginModule, which I allways believed will authenticate using Unix and PAM is in fact just returning the current user id and group ( and not even the group name - just the ID).

And a quick search showed no PAM JAAS module. I just can't understand - JAAS is basically a java version of PAM, it was supposed to be perfectly integrated. Why would they include a completely useless "UnixLoginModule" which doesn't do any auth at all ( most unix auth is implemented using PAM, that's why I expected UnixLM to use it ) ?

JAAS itself is a nice API - except for the bad idea to use exceptions for control flow ( throw exception instead of returning false ). And a PAM LoginModule would allow all the existing PAM support to integrate perfectly into java.