Bug #70738 PAM configuration for pam authentication plugin doesn't work
Submitted: 27 Oct 2013 9:09 Modified: 19 Feb 2016 2:15
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version:5.6 OS:Linux (Ubuntu 13.04)
Assigned to: Paul DuBois CPU Architecture:Any

[27 Oct 2013 9:09] Daniël van Eeden 
Description:
Page: http://dev.mysql.com/doc/refman/5.6/en/pam-authentication-plugin.html

---------------------------------------------------
2. Set up PAM to authenticate the mysql service. Put the following in /etc/pam.d/mysql:

#%PAM-1.0
auth            include         password-auth
account         include         password-auth
---------------------------------------------------

This configuration does not work on Ubuntu 13.04, and probably doesn't work on any Ubuntu or Debian.

This will result in messages like these
Oct 26 18:01:51 machine01 mysqld: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth

How to repeat:
Follow the steps to setup the pam authentiction plugin on Ubuntu. And then try to use it and watch /var/log/auth.log

Suggested fix:
Use the following for /etc/pam.d/mysql on Ubuntu and other Debian based distributions.
---------------------------
@include common-auth
@include common-account
@include common-session-noninteractive
---------------------------
[15 Apr 2014 11:26] MySQL Verification Team 
Hello Daniel,

Thank you for the bug report.
Verified as described.

Thanks,
Umesh
[19 Feb 2016 2:15] Paul DuBois 
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly.