Hi, Alexey! On Jun 30, Alexey Botchkov wrote:

...

not sure about calling it "safe". I think it's more of a side effect, the main feature it that it works, while old pam plugin simply doesn't :) unless mysqld is run as root.

and not totally sure about calling it also pam. it means one won't be able to load it and the old pam plugin at the same time. I suspect it'll still ok and benefits overweight it.

Well i'm open to any ideas here :) We can swap 'safe' with somethin else. 'box' for instance. Or we can instead rename the original version like 'fast' or 'old'. Finally we can build only one version of the plugin. The 'safe' whenever possible.

I'd rather rename the old version to (old) or (requires root) or something.

I also have a question about the testing. Now pam*.test-s rely on some mariadb_mtr setup for PAM. How can i see what is in the expected pam.d configuration file, and what pam modules are used?

See plugin/auth_pam/testing/pam_mariadb_mtr.c Regards, Sergei Chief Architect MariaDB and security@mariadb.org