install plugin pam soname 'auth_pam.so'; create user test_pam identified via pam using 'mariadb_mtr'; grant all on test.* to test_pam; create user pam_test; grant all on test.* to pam_test; grant proxy on pam_test to test_pam; # # athentication is successful, challenge/pin are ok # note that current_user() differs from user() # Challenge input first. Enter: ************************* Now, the magic number! PIN: 9225 select user(), current_user(), database(); user() current_user() database() test_pam@localhost pam_test@% test # # athentication is unsuccessful # Challenge input first. Enter: ************************* Now, the magic number! PIN: 9224 # # athentication is unsuccessful # Challenge input first. Enter: **************** Now, the magic number! PIN: 616 # # athentication is successful # Now, the magic number! PIN: 9212 select user(), current_user(), database(); user() current_user() database() test_pam@localhost pam_test@% test # # athentication is unsuccessful # Now, the magic number! PIN: 9212 # # MDEV-26339 Account specifics to be handled before proxying # alter user pam_test account lock; alter user pam_test require subject 'foobar'; alter user pam_test password expire; Now, the magic number! PIN: 9212 select user(), current_user(), database(); user() current_user() database() test_pam@localhost pam_test@% test alter user pam_test account unlock; alter user pam_test require none; alter user pam_test identified by ''; show create user pam_test; CREATE USER for pam_test@% CREATE USER `pam_test`@`%` alter user test_pam account lock; Now, the magic number! PIN: 9212 alter user test_pam account unlock; alter user test_pam require subject 'foobar'; Now, the magic number! PIN: 9212 alter user test_pam require none; alter user test_pam password expire; Now, the magic number! PIN: 9212 select user(), current_user(), database(); drop user test_pam; drop user pam_test; create user PAM_TEST identified via pam using 'mariadb_mtr'; grant all on test.* to PAM_TEST; # # athentication is unsuccessful # Challenge input first. Enter: ************************* Now, the magic number! PIN: 9225 set global pam_winbind_workaround=1; # # athentication is successful # Challenge input first. Enter: ************************* Now, the magic number! PIN: 9225 select user(), current_user(), database(); user() current_user() database() PAM_TEST@localhost PAM_TEST@% test drop user PAM_TEST; # # MDEV-27341 Use SET PASSWORD to change PAM service # create user pam_test identified via pam using 'mariadb_mtr'; grant all on test.* to pam_test; Challenge input first. Enter: ************************* Now, the magic number! PIN: 9225 select user(), current_user(), database(); user() current_user() database() pam_test@localhost pam_test@% test set password='foo'; ERROR HY000: SET PASSWORD is ignored for users authenticating via pam plugin show create user; CREATE USER for pam_test@% CREATE USER `pam_test`@`%` IDENTIFIED VIA pam USING 'mariadb_mtr' drop user pam_test; uninstall plugin pam;