PAM (Pluggable Authentication Modules) enables a system to access various kinds of authentication methods through a standard interface. As of MySQL 5.5.16, commercial distributions of MySQL include a PAM authentication plugin that enables MySQL Server to use PAM to authenticate MySQL users.

The PAM plugin uses the information passed to it by the MySQL server (such as user name, host name, password, and authentication string), plus whatever is available for PAM lookup (such as Unix passwords or an LDAP directory). The plugin checks the user credentials against PAM and returns 'Authentication succeeded, Username is user_name' or 'Authentication failed'.

The PAM authentication plugin provides these capabilities:

The following table shows the plugin and library file names. The file name suffix might be different on your system. The file location must be the directory named by the plugin_dir system variable. For installation information, see Section 5.6.2.1, “Installing the PAM Authentication Plugin”.

The library file includes only the server-side plugin. As of MySQL 5.5.10, the client-side plugin is built into the libmysql client library. See Section 5.6.4, “The Clear-Text Client-Side Authentication Plugin”.

The server-side PAM authentication plugin is included only in commercial distributions. It is not included in MySQL community distributions. The client-side clear-text plugin that communicates with the server-side plugin is built into the MySQL client library and is included in all distributions, including community distributions. This permits clients from any 5.5.10 or newer distribution to connect to a server that has the server-side plugin loaded.

The PAM authentication plugin has been tested on Linux and Mac OS X. It requires MySQL Server 5.5.16 or newer.

For general information about pluggable authentication in MySQL, see Section 5.6, “Pluggable Authentication”. For proxy user information, see Section 5.7, “Proxy Users”.