Modern Stateless Authentication for Legacy Stateful Systems: Enabling OAuth/OIDC User Experience Without Rebuilding the Core Product


Bhanuprakash Naidu Basani

Abstract

Legacy enterprise infrastructure products such as file and print servers typically rely on stateful, directory-based authentication: user identities come from LDAP-backed identity sources and service principals are backed by Kerberos, and both are deeply integrated into the core runtime. Enterprise customers, in contrast, increasingly expect a modern, browser-native administrative experience built on OAuth 2.0 and OpenID Connect (OIDC), in which authentication state is carried in cryptographically signed JSON Web Tokens (JWTs). A common misconception is that delivering such an experience requires a large-scale rewrite of the legacy system. This paper describes a bridging architecture that rejects that assumption: only small additions are made at the edge of the system, in the form of an identity translation layer between token-based identities and OS-native principals, while the battle-tested legacy core is retained unchanged. The implementation connects the modern management plane to the existing Linux-based legacy server through a token-verifying PAM authentication module and an administrator-managed trust registry of SSO handler instances, stored in the existing directory infrastructure. This enables modern SSO flows while preserving the existing filesystem and internal service security models, and it provides a realistically achievable path to Zero Trust administrative governance without the risk and cost of redeveloping the system.
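The following is an added illustration of the identity translation step the abstract describes, not code from the paper or its implementation. It shows what a token-verifying PAM-side helper has to do before it may hand an OS-native user name to the legacy core: pin the signing algorithm, select the trusted SSO handler from a registry keyed by issuer, verify the signature, check the time window and audience, enforce an administrative-group requirement, and only then map the token subject to a local principal. The trust registry and subject mapping are constructed in-line as dictionaries (standing in for the directory entries the administrator maintains), the shared HMAC key and issuer/audience names are assumptions, and HS256 is used only so the example runs offline; a production module would verify RS256/ES256 signatures against each handler's published public key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust registry. In the architecture described above these entries
# live in the existing directory (LDAP) and are maintained by the administrator:
# one entry per trusted SSO handler instance, keyed by the issuer it writes into
# the token. The shared HMAC key is an assumption for an offline example; a real
# module would hold the handler's public key and verify an asymmetric signature.
TRUST_REGISTRY = {
    "https://sso-handler-01.example.internal": {
        "audience": "fileserver-admin-ui",
        "hmac_key": b"constructed-demo-key-not-for-production",
        "admin_groups": {"storage-admins"},
    },
}

# Constructed subject-to-principal mapping. The real module would resolve the
# token subject to an existing directory account instead of using a dict.
PRINCIPAL_MAP = {"alice@example.com": "alice"}


class TokenError(Exception):
    """Raised for any reason the token must not be translated to a principal."""


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def mint_token(claims, key, alg="HS256"):
    """Build a compact JWT. Used here only to construct sample input; in the real
    flow the SSO handler issues tokens and the PAM side never signs anything."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    if alg == "none":                       # deliberately unsigned, for the negative test
        return f"{header}.{body}."
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token, now=None):
    """Verify signature, issuer trust, time window and audience.
    Returns (claims, registry_entry) or raises TokenError."""
    try:
        h_seg, p_seg, s_seg = token.split(".")
        header = json.loads(_b64url_decode(h_seg))
        claims = json.loads(_b64url_decode(p_seg))
        sig = _b64url_decode(s_seg)
    except (ValueError, TypeError) as exc:  # json.JSONDecodeError subclasses ValueError
        raise TokenError(f"malformed token: {exc}") from exc

    # Pin the algorithm before anything else so "alg": "none" or an unexpected
    # algorithm cannot steer verification.
    if header.get("alg") != "HS256":
        raise TokenError("unsupported or missing alg")

    # The issuer is read unverified only to select a registry entry; no claim is
    # trusted until the signature check below passes.
    entry = TRUST_REGISTRY.get(claims.get("iss"))
    if entry is None:
        raise TokenError("issuer not in trust registry")

    signing_input = f"{h_seg}.{p_seg}".encode("ascii")
    expected = hmac.new(entry["hmac_key"], signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")

    now = time.time() if now is None else now
    if now >= claims.get("exp", 0):
        raise TokenError("token expired")
    if now < claims.get("nbf", 0):
        raise TokenError("token not yet valid")

    aud = claims.get("aud")
    aud_set = {aud} if isinstance(aud, str) else set(aud or [])
    if entry["audience"] not in aud_set:
        raise TokenError("audience mismatch")
    return claims, entry


def translate_to_principal(token, now=None):
    """The identity translation step: verified token -> OS-native user name."""
    claims, entry = verify_token(token, now)
    if not set(claims.get("groups", [])) & entry["admin_groups"]:
        raise TokenError("subject is not in an administrative group")
    local_user = PRINCIPAL_MAP.get(claims.get("sub"))
    if local_user is None:
        raise TokenError("no local principal for subject")
    return local_user


def check_token(token, now=None):
    """Caller-friendly wrapper: (principal, None) on success, (None, reason) on rejection."""
    try:
        return translate_to_principal(token, now), None
    except TokenError as exc:
        return None, str(exc)
```

The ordering matters: the issuer claim is used before the signature is checked, but only to choose which key to verify with, and every rejection is a closed failure so the legacy core never sees a principal derived from an unverified token.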
