MariaDB has had pluggable authentication since MariaDB 5.2. The most popular authentication plugin that we ship in MariaDB is the PAM authentication plugin. Naturally, we are curious whether users would like more authentication plugins to be made available, so we’ve posted a poll on Facebook. Please feel free to add your vote to the poll so we have a better idea of where to focus our future pluggable authentication development.

5 thoughts on “What other pluggable authentication plugins would you like in MariaDB?”

  1. As you already have PAM, please do not waste your time implementing any plugins for authentication methods which already are supported with PAM.

  2. PAM pretty much covers it all … validation via a MySQL Stored Function would be the only other thing I can think of right now, as it would avoid the need for loading some native code shared library completely.

    But can we get out-of-the-box transport encryption of passwords while we’re on it?

    PS: can’t vote on the poll, can’t even see it, and no, I won’t create a FB account just for that …

  3. The main problem with PAM – and it’s fundamental and not fixable – it obtains any information it needs by *asking the user*. So it cannot authenticate the user based on the environment (like, a running shell session) or based on some token that a user might have. For example, the USBSN plugin from my “MySQL 5.1 Plugin Development” book – it cannot work with PAM, unless you are prepared to ask your users a lame question like “please enter the serial number of your USB key”.

    I mean, it cannot work over the network. If the user and the mysqld server are on the same physical host, PAM might be enough. The pam_usb module does exist.
