It is possible to configure the QCG-Computing service to authenticate users using usernames and passwords provided by local security context:

   <sm:Module xsi:type="sm:ecm_gsoap.service">
        <sm:Module xsi:type="sm:atc_transport_ssl.service">
        <sm:Module xsi:type="sm:atc_msg_wsse_username.service">
            <sm:Module xsi:type="sm:userdir_pam"/>
          <sm:Module xsi:type="sm:atz_username"/>

Please note:

  • qcgcertkey.pem must contain both service key and certificate,
  • the <UnprivilegedUser> user used to run the service must be authorized to use the pam_authenticate method (e.g. in case of flat passwd files, the group of the user must have read permission for the /etc/shadow file)
  • you must provide proper pam configuration for qcg-compd daemon
    # cat /etc/pam.d/qcg-compd 
    auth       include      system-auth
    account    include      system-auth