Unix / System Accounts

Authenticate users against the host's Unix accounts (passwd, shadow, group files) or a provided config directory.

Configuration

1) AuthManager (global)

AuthManager:
  authenticationEnabled: true
  authorizationEnabled: false
  config:
    # Option A: Explicit file paths
    passwordFile: "/etc/shadow"
    passwdFile: "/etc/passwd"
    groupFile: "/etc/group"

    # Option B: Config directory containing passwd + group
    # configDirectory: "{{MAPS_DATA}}/.security/unix"
  • Option A (direct paths) — reference your system’s shadow, passwd, and group files explicitly.
  • Option B (configDirectory) — point to a directory that contains passwd and group files in standard format.

Use the option that matches your deployment. For secure production systems, use the real system /etc/* paths. For containerized or test setups, use a local config directory.

Read-only authentication

MAPS uses the system’s passwd, shadow, and group files (or copies of them in a config directory) only for authentication.
It does not create, update, or delete accounts.
User and group management must be handled outside of MAPS (e.g., via useradd, passwd, or your system’s account management tools).
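
Because MAPS only reads these files, a malformed or loosely permissioned copy in an Option B directory has to be caught before the server starts. The following pre-flight check is an added example, not part of MAPS or its documentation; it assumes the directory holds files named passwd, shadow and group in the standard colon-separated formats, and the users and placeholder hash in the sample are constructed.

```python
import stat
import tempfile
from pathlib import Path

FIELDS = {"passwd": 7, "shadow": 9, "group": 4}  # colon-separated fields per file
# Constructed sample data: hypothetical users, placeholder hash (assumption).
SAMPLE = {
    "passwd": "alice:x:1000:1000::/home/alice:/bin/sh\nbob:x:1001:1001::/home/bob:/bin/sh\n",
    "shadow": "alice:$6$PLACEHOLDER$PLACEHOLDER:19000:0:99999:7:::\ncarol::19000:0:99999:7:::\n",
    "group": "ops:x:2000:alice,dave\n",
}

def parse(directory, kind, findings):
    """Return the well-formed rows of one account file, recording problems."""
    path = Path(directory, kind)
    if not path.is_file():
        findings.append(f"{kind}: file missing")
        return []
    rows = []
    for n, line in enumerate(path.read_text(encoding="utf-8").splitlines(), 1):
        parts = line.split(":")
        if len(parts) == FIELDS[kind]:
            rows.append(parts)
        elif line.strip():  # blank lines are ignored, anything else is malformed
            findings.append(f"{kind}:{n}: expected {FIELDS[kind]} fields, got {len(parts)}")
    return rows

def audit_unix_dir(directory):
    """Return a list of findings for a directory of passwd/shadow/group copies."""
    findings = []
    rows = {kind: parse(directory, kind, findings) for kind in FIELDS}
    shadow = Path(directory, "shadow")
    if shadow.is_file() and stat.S_IMODE(shadow.stat().st_mode) & stat.S_IRWXO:
        findings.append("shadow: accessible to 'other' users, tighten the file mode")
    users = {r[0] for r in rows["passwd"]}
    hashes = {r[0]: r[1] for r in rows["shadow"]}
    findings += [f"passwd: {u} has no shadow entry" for u in sorted(users - set(hashes))]
    findings += [f"shadow: {u} has an empty password field" for u in sorted(hashes) if not hashes[u]]
    findings += [f"group: {g[0]} lists unknown member {m}"
                 for g in rows["group"] for m in g[3].split(",") if m and m not in users]
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            Path(d, name).write_text(text, encoding="utf-8")
        print("\n".join(audit_unix_dir(d)))
```

Run it against the directory named in configDirectory before pointing MAPS at it; an empty result means none of these checks fired.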

2) JAAS (jaasAuth.config)

UnixAuthConfig {
  io.mapsmessaging.security.jaas.UnixLoginModule Required
  debug=false;
};

3) SecurityManager mapping

SecurityManager:
  - unix: UnixAuthConfig

4) Listener example

- name: "NATS over TCP"
  url: "tcp://0.0.0.0:4222/"
  protocol: nats
  auth: unix