If the SELECT clause that looks up a user based on username matches more than row, pam-mysql currently fails with a message about "an indetermined result".
This patch adds a parameter, "allow_multiple_matches", which can be true or false. When false (the default), behavior is unchanged except that the log message is a little clearer. When true, pam-mysql will traverse all matching rows; if any has a matching password, authentication will succeed; if none match, authentication will fail.
Patch file to (optionally) support multiple passwords for a single user.