Authentication with pam

Overview

The pam authentication plugin provides authentication using Pluggable Authentication Modules (PAM).

Install

The pam authentication plugin must be installed before it can be used.

To install with the INSTALL SONAME statement:

INSTALL SONAME 'auth_pam';

To install in a configuration file with the plugin_load_add option:

[mariadb]
...
plugin_load_add = auth_pam

Create User

To create a user account that uses the pam authentication plugin, specify the plugin in the CREATE USER statement:

CREATE USER 'USER'@'192.0.2.%'
   IDENTIFIED VIA pam;

An optional service name can be specified:

CREATE USER 'USER'@'192.0.2.%'
   IDENTIFIED VIA pam USING 'mariadb';

In the above example, the service name is set to 'mariadb', so the PAM configuration file at /etc/pam.d/mariadb is used for authentication. When a service name is not specified, the default service name is 'mysql'.