Here are steps that explain how to switch MWS from using LDAP authentication to PAM authentication.
First, stop Tomcat.
#############################
[root]# systemctl stop tomcat
#############################
Then figure out where the tomcat service file is located. To do this, run the following:
#############################
[root]# systemctl status tomcat
tomcat.service - Apache Tomcat Web Application Container
Loaded: loaded (/usr/lib/systemd/system/tomcat.service; ...
#############################
Now edit the service file and configure tomcat to run as the root user instead of the tomcat user.
#############################
[root]# vim /usr/lib/systemd/system/tomcat.service
...
User=root
...
#############################
Next edit the MWS configuration file and tell MWS to connect to the operating system PAM module instead of directly to the LDAP server.
#############################
[root]# cd /opt/mws/etc
[root]# vim mws-config.groovy
#############################
Comment out ALL of the lines that start with ldap by prepending them with a //, as shown below. Make sure you comment them all out. If you miss one, MWS will try to contact LDAP directly instead of PAM.
#############################
//ldap.server = ...
//ldap.port = ...
//ldap.baseDNs = ...
//ldap.bindUser = ...
//ldap.password = ...
//ldap.directory.type = ...
#############################
Add a line that tells MWS to connect to the PAM login module in the operating system.
#############################
pam.configuration.service = "login"
#############################
Save this file and reload the service files.
#############################
[root]# systemctl daemon-reload
#############################
Now restart tomcat.
#############################
[root]# systemctl restart tomcat
#############################
Make sure tomcat is running as the root user (not the tomcat user).
#############################
[root]# ps -ef | grep tomcat | grep MWS
root 2827 1 99 17:37 ? 00:01:39 /usr/java/latest/bin/java -DMWS_HOME=/opt/mws ...
#############################
Open the MWS health page in a web browser (e.g. http://localhost:8080/mws ) and make sure the green/red dot for LDAP is no longer visible. In its place should be a green dot labeled PAM, probably right between the dots for "ZeroMQ Message Queue" and "Insight Server". If you still see an LDAP dot, you probably forgot to comment out an ldap line in mws-config.groovy.
Now try to log into Viewpoint as a user that exists on the operating system (but not "root").
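The check below is an added example, not part of the original instructions. It scans mws-config.groovy for any ldap line that was left uncommented and confirms that pam.configuration.service is set, so a missed line can be caught before Tomcat is restarted. The function names and the values in write_sample_config are constructed for illustration, and the check assumes one setting per line with // comments.

```shell
# Added example (not from the original page): audit mws-config.groovy after
# the LDAP-to-PAM edit. Assumes one property per line and // line comments.

# Print (with line numbers) every line that still sets an ldap.* property.
active_ldap_lines() {
    grep -nE '^[[:space:]]*ldap\.' "$1"
}

# Succeed if an uncommented pam.configuration.service assignment exists.
pam_service_set() {
    grep -qE '^[[:space:]]*pam\.configuration\.service[[:space:]]*=' "$1"
}

# Return 0 if ready for PAM, 1 if something was missed, 2 if unreadable.
check_mws_pam_config() {
    cfg=$1
    rc=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    if leftover=$(active_ldap_lines "$cfg"); then
        echo "FAIL: uncommented ldap lines remain in $cfg:"
        echo "$leftover"
        rc=1
    fi
    if ! pam_service_set "$cfg"; then
        echo "FAIL: pam.configuration.service is not set in $cfg"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no active ldap.* lines, pam.configuration.service is set"
    fi
    return "$rc"
}

# Constructed sample: one ldap line (ldap.port) was missed on purpose.
write_sample_config() {
    cat > "$1" <<'EOF'
//ldap.server = "ldap.example.test"
ldap.port = 389
pam.configuration.service = "login"
EOF
}

# Run against the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    check_mws_pam_config "$1"
fi
```

Pass /opt/mws/etc/mws-config.groovy as the first argument. An exit status of 0 means no ldap line is active and the PAM service line is present.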