MaxScale's PAM authenticators support user and group mapping, but this is completely undocumented:
The relevant information and limitations should probably be documented. Feel free to refer to the MariaDB Server documentation that describes the pam_user_map PAM module, where it is relevant:
One very important thing to document is that based on the commit associated with
MXS-1758, it looks like group mapping only works with MaxScale if the proxy user is the ''@'%' anonymous user.