Martin - 2007-05-26

Currently, this project doesn't support the use of certificates for a secure remote connection, as described in http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html

I modified the pam_mysql.c file from Debian Etch, the libpam-mysql v0.6.5, to support REQUIRE SSL connections, and REQUIRE X509 connections. I haven't tested the X509 part, but the SSL connections work for me.

Three new options were added:

ca=/path/name
cert=/path/name
key=/path/name

ca: pathname to the certificate authority file.
cert: pathname to the certificate file.
key: pathname to the key file.

ca is the certificate for enabling a REQUIRES SSL connection, cert and key are
for a REQUIRES X509 connection.

I don't want to clog this thread with c code, or a diff, so I hosted the .tar.gz on http://www.ptraced.net/pam_mysql.tar.gz
This compressed tar includes the modified c file, from Debian Etch, and a diff file for patching. It also includes a small documentation on how to use these new options. The code isn't perfect, it's a quick hack that I pulled over a weekend, and it just works for me. Input and improvements are welcome!