Wed, 28 Sep 2005


From the package documentation:

  1. What on earth is PAM anyway?
  2. Are there any tools for changing passwords etc. that are in PAM-MySQL?
  3. I need to retrieve misc. UNIX user information such as one's home directory coming from MySQL. Can pam-mysql do this?
  4. How can I quickly tell in which way a given password is encrypted, PASSWORD(), CRYPT()-ed, or md5()?
  5. I set up saslauthd (of Cyrus-SASL) to use PAM-MySQL for authentication and noticed some authentication mechanisms such as CRAM-MD5 don't work. Why?
  6. PAM-MySQL is licensed under GNU Public License and I heard that GPL requires the program that links to a GPL'ed shared binary object at runtime also being covered by GPL. Is it safe to use PAM-MYSQL from a program with a license that is incompatible with GPL?
  7. I was able to build PAM-MySQL without problems, but MD5 doesn't work. Why?
  8. I could not build pam-mysql on Solaris with the official MySQL binary package. How can I fix this?

See more ...

pam-mysql 0.6.2 and 0.7pre3 are released.

The new releases include some crucial security fixes and the users are strongly urged to upgrade their installation.

Addressed security concerns:

  • Possible segmentation fault in the SQL logging facility, which can cause Denial-of-Service (DoS).

  • Flaws in the authentication and authentication token alteration code where incorrect treatment of the pointer returned by pam_get_item() were spotted. They can most likely induce DoS or possibly lead to more severe problems.


  • Changed handling of the "where" option to not escape meta characters (PR #1261484). (0.7pre3)

  • Overhauled the SQL logging facility (PR #1256243). (0.6.2, 0.7pre3)

  • Added logrhostcolumn (log.rhost_column) option that enables you to log the value of the "rhost" item specified by the application. (0.7pre3)

  • Fixed possible security flaw (0.7pre3)

  • Fixed memory leaks spotted when "config_file" option is used. (0.7pre3)

  • Fixed try_first_pass behaviour. (0.7pre3) ,

  • Changed option parsing behaviour so "=" following each option name is not needed. (0.7pre3)

You can download either one from the following URL:

Sun, 18 Sep 2005

pam-mysql 0.6.1 and 0.7pre2 are released.

pam-mysql 0.6.1 and 0.7pre2 are finally released. I would thank all the people who supported the project through bug reports, suggestions, etc..

New features:

  • SHA1 hash support. (0.7pre2)

  • Added "use_first_pass" and "try_first_pass" options to conform with the PAM convensions. (0.7pre2)

  • Added "use_323_passwd" option allows you to use an encryption function used in the old MySQL versions (3.23.x). (0.6.1, 0.7pre2)


  • Changed column name handling to not escape meta characters to allow an expression in every XXXcolumn variable like "CONCAT(a, b, c)". (0.7pre2)

  • Fixed account management code that wouldn't work at all :-p (0.6.1, 0.7pre2)

  • Included pam_mysql.spec to the tarball by default. This enables you to make a RPM with the following oneliner. (0.6.1, 0.7pre2)

    rpmbuild -tb pam_mysql.tar.gz
  • Fixed compile failure that occurs with the old mysql_config (< 4.0.16). (0.6.1, 0.7pre2)

  • Fixed compile failure on Solaris when --with-openssl is specified to the configure script. (0.6.1, 0.7pre2)