Note
The following instructions have been tested for Linux-PAM. The process may differ on implementations for other systems.
From the standpoint of WebMapReduce, configuring PAM is simple: just set it as the authentication method in include/settings.php:
$wmrAuthMethod = 'pam';
The real configuration is done in PAM itself by creating a service configuration for PHP, typically in a file named /etc/pam.d/php. Details on configuring PAM are beyond the scope of this guide. However, if you want PHP (and WebMapReduce) to use the same configuration as your system does for logins, you can simply copy that configuration:
# These locations may vary from system to system
$ cp /etc/pam.d/login /etc/pam.d/php
There is one further caveat to this method: on many systems, if you want to use so-called "traditional Unix file-based authentication" (i.e., using /etc/passwd and /etc/shadow) with PAM, the user that is requesting the authentication must be able to read the /etc/shadow file. Thus, if your system uses this type of authentication and you want to use this same method to authenticate in WebMapReduce, then the webserver must be given read access to this file.
The typical way to achieve this is to create a shadow group, give that group ownership of the /etc/shadow file, and add the webserver account to that group. On some systems, a shadow group may already exist for this purpose. Typical commands are as follows:
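$ groupadd shadow
$ chgrp shadow /etc/shadow
# Group ownership alone grants nothing; the group also needs the read bit
$ chmod g+r /etc/shadow
# "www" stands for the webserver account
$ usermod -aG shadow www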
Warning
Be aware of the security implications of this method: With it, the webserver and all the programs and scripts that run under it have access to the password database of your system. Any of these programs could potentially be manipulated to expose this database. Though the passwords are stored in hashed form, a determined attacker could perform a brute-force search to crack weak passwords and gain access to the system.
Unless the benefits of this method strongly outweigh these risks, it is advisable to use a different configuration. PAM has many other options that may suit your needs.
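After the shadow-group change above, it is worth confirming which accounts can actually read /etc/shadow and through which permission class. The following check is an added example, not part of WebMapReduce; the function names read_class and shadow_read_class are hypothetical, GNU stat is assumed, and the numeric IDs in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: report which permission class (if any) lets an account
# read a file. Only classic mode bits are evaluated; POSIX ACLs and
# capabilities other than root's bypass are not covered.

# read_class MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints root, owner, group, other or none. The first class that matches
# the user decides; later classes are not consulted.
read_class() (
    perm=$(( 0$1 ))            # leading 0 makes the mode an octal constant
    fuid=$2; fgid=$3; uid=$4
    if [ "$uid" -eq 0 ]; then echo root; return; fi
    if [ "$uid" -eq "$fuid" ]; then
        if [ $(( perm & 0400 )) -ne 0 ]; then echo owner; else echo none; fi
        return
    fi
    for g in $5; do
        if [ "$g" -eq "$fgid" ]; then
            if [ $(( perm & 0040 )) -ne 0 ]; then echo group; else echo none; fi
            return
        fi
    done
    if [ $(( perm & 0004 )) -ne 0 ]; then echo other; else echo none; fi
)

# shadow_read_class USER [FILE]
# Looks up the real mode, owner and group memberships, then classifies them.
shadow_read_class() (
    user=$1; file=${2:-/etc/shadow}
    set -- $(stat -c '%a %u %g' "$file")
    [ $# -eq 3 ] || return 1
    read_class "$1" "$2" "$3" "$(id -u "$user")" "$(id -G "$user")"
)

# Usage (run as root):  shadow_read_class www
#   group -> the webserver reads the file through the shadow group, as intended
#   other -> the file is world-readable, which exposes it to every local account
#   none  -> PAM's file-based authentication will fail for this account
# Constructed values: mode 640, file root:42, user uid 33 in groups 33 and 42
#   read_class 640 0 42 33 "33 42"
```

The lookup uses the account database, so a webserver process that was already running keeps its old group list until it is restarted.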