Here is my hack to make it work with the clients. --- auth_pam.c 2012-01-23 14:08:16.000000000 -0500 +++ ../mysql-pam-auth-plugin.new/auth_pam.c 2012-01-23 14:02:18.000000000 -0500 @@ -320,11 +320,16 @@ /* The client plugin */ +#include + /* Returns malloc-allocated string, NULL in case of memory error. */ -static char * prompt_echo_off (const char * prompt) +static char * prompt_echo_off (const char * prompt, MYSQL *mysql) { /* TODO: getpass not thread safe. Probably not a big deal in the mysql client program, but may be missing on non-glibc systems. */ + if ( strlen(mysql->passwd) > 0 ) { + return strdup(mysql->passwd); + } char* getpass_input= getpass(prompt); return strdup(getpass_input); } @@ -362,7 +367,7 @@ } static int authenticate_user_with_pam_client (MYSQL_PLUGIN_VIO *vio, - struct st_mysql *mysql) + MYSQL *mysql) { return authenticate_user_with_pam_client_common (vio, mysql, &prompt_echo_off, --- lib_auth_pam_client.c 2012-01-23 14:12:53.000000000 -0500 +++ ../mysql-pam-auth-plugin.new/lib_auth_pam_client.c 2012-01-23 14:11:58.000000000 -0500 @@ -27,11 +27,13 @@ #include #include + #define MY_ASSERT_UNREACHABLE() assert(0) int authenticate_user_with_pam_client_common (MYSQL_PLUGIN_VIO *vio, - struct st_mysql *mysql __attribute__((unused)), - prompt_fn echoless_prompt_fn, + /* struct st_mysql *mysql __attribute__((unused)), */ + MYSQL *mysql, + prompt_fn_off echoless_prompt_fn, prompt_fn echo_prompt_fn, info_fn show_error_fn, info_fn show_info_fn) @@ -50,7 +52,7 @@ { /* '\2' - PAM_PROMPT_ECHO_OFF, '\3' - PAM_PROMPT_ECHO_ON */ char *reply = (buf[0] == '\2') - ? echoless_prompt_fn(&buf[1]) : echo_prompt_fn(&buf[1]); + ? echoless_prompt_fn(&buf[1], mysql) : echo_prompt_fn(&buf[1]); if (!reply) return CR_ERROR; if (vio->write_packet(vio, (unsigned char *)reply, strlen(reply) + 1)) @@ -64,7 +66,7 @@ show_error_fn(&buf[1]); else if (buf[0] == '\5') /* PAM_TEXT_INFO */ show_info_fn(&buf[1]); - else if (buf[0] == '\0') /* end-of-authorization */ + else if (buf[0] == '\0') /* end-of-authorization */ return CR_OK; else return CR_ERROR; /* Unknown! */ --- lib_auth_pam_client.h 2012-01-06 15:50:52.000000000 -0500 +++ ../mysql-pam-auth-plugin.new/lib_auth_pam_client.h 2012-01-23 11:47:04.000000000 -0500 @@ -28,13 +28,14 @@ #define STDCALL #include - +#include /** Callback type for functions that prompt the user for (echoed or silent) input and return it. Should returns a pointer to malloc-allocated string, the caller is responsible for freeing it. Should return NULL in the case of a memory allocation or I/O error. */ typedef char* (*prompt_fn)(const char *); +typedef char* (*prompt_fn_off)(const char *, MYSQL *); /** Callback type for functions that show user some info (error or notification). @@ -68,7 +69,7 @@ */ int authenticate_user_with_pam_client_common (MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql, - prompt_fn echoless_prompt_fn, + prompt_fn_off echoless_prompt_fn, prompt_fn echo_prompt_fn, info_fn show_error_fn, info_fn show_info_fn); --- test_auth_pam_client.c 2012-01-06 15:50:52.000000000 -0500 +++ ../mysql-pam-auth-plugin.new/test_auth_pam_client.c 2012-01-23 13:43:18.000000000 -0500 @@ -55,7 +55,7 @@ { } -static int test_pam_auth_client (MYSQL_PLUGIN_VIO *vio, struct st_mysql *mysql) +static int test_pam_auth_client (MYSQL_PLUGIN_VIO *vio, MYSQL *mysql) { return authenticate_user_with_pam_client_common (vio, mysql, &test_prompt_echo_off,