[BUG] Cannot administrate User's right when using pam

[expired user #10459] posted 7 years ago in General

Hi,

We use PAM to authenticate our users against an Active Directory backend. It works fine.

However, when a user is authenticated with pam, it is impossible to assign its rights through HeidiSQL.

Attached files are screenshots of the error, and the configuration in the 'mysql.user' table.

2 attachment(s):
  • error1
  • error2

[expired user #10459] posted 7 years ago

Forgot to mention. We are using MariaDB, latest stable release (10.x).

ansgar posted 7 years ago

HeidiSQL says so when a password has neither 0, 16, nor 41 characters. How long is the password hash in your pam cases?

[expired user #10459] posted 7 years ago

There is no password hash, since the authentication is handled by PAM.

[expired user #10459] posted 7 years ago

This is normal behavior; there won't be any password hash when authentication is handled externally.

ansgar posted 7 years ago

Yes, but I still guess there is something in the password column, otherwise Heidi would not complain about an invalid user. Well, even if that was not the case, pam users would still be handled a bit buggy by Heidi's user manager.

[expired user #10459] posted 7 years ago

No, there is nothing in the password hash.

*************************** 31. row ***************************
                  Host: %
                  User: DOMAIN\USERNAME
              Password:
           Select_priv: Y
           Insert_priv: Y
           Update_priv: Y
           Delete_priv: Y
           Create_priv: Y
             Drop_priv: Y
           Reload_priv: Y
         Shutdown_priv: Y
          Process_priv: Y
             File_priv: Y
            Grant_priv: Y
       References_priv: Y
            Index_priv: Y
            Alter_priv: Y
          Show_db_priv: Y
            Super_priv: Y
 Create_tmp_table_priv: Y
      Lock_tables_priv: Y
          Execute_priv: Y
       Repl_slave_priv: Y
      Repl_client_priv: Y
      Create_view_priv: Y
        Show_view_priv: Y
   Create_routine_priv: Y
    Alter_routine_priv: Y
      Create_user_priv: Y
            Event_priv: Y
          Trigger_priv: Y
Create_tablespace_priv: Y
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: pam
 authentication_string: mysql
      password_expired: N
               is_role: N
31 rows in set (0.00 sec)

ansgar posted 7 years ago

Ah, on MariaDB 10, HeidiSQL uses the authentication_string column which contains "mysql" here, not the empty password column. Well I guess there are some TODOs for me here.

[expired user #10459] posted 7 years ago

Ah ok! authentication_string is the pam module to be used in this case. It could be anything, i.e. activedirectory or whatever. Hope that helps.

Let me know if you need help with testing a fix or anything!

Best regards,

--Phil
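
Added example, not part of the thread and not HeidiSQL's code: a plugin-aware check of `mysql.user` rows that applies the 0/16/41 length rule only to password-based accounts and treats `authentication_string` as plugin data (the PAM service name) for `pam`. The function names and the sample rows are constructed for illustration; the set of plugin names treated as password-based is an assumption.

```python
import re

# Hash shapes behind the 16 and 41 character lengths named in the thread.
NATIVE_41 = re.compile(r"\*[0-9A-Fa-f]{40}")
OLD_16 = re.compile(r"[0-9A-Fa-f]{16}")
# Assumption: only these plugin values mean "password hash stored in the row".
PASSWORD_PLUGINS = {"", "mysql_native_password", "mysql_old_password"}


def classify_account(row):
    """Return (kind, detail) for one mysql.user row given as a dict."""
    plugin = (row.get("plugin") or "").strip()
    auth = row.get("authentication_string") or ""
    password = row.get("Password") or ""

    if plugin not in PASSWORD_PLUGINS:
        # External authentication: authentication_string is plugin data
        # (for pam, the PAM service name), not a hash. Do not length-check it.
        return ("external", f"{plugin}:{auth}" if auth else plugin)

    # Password-based account: the hash may sit in either column.
    secret = password or auth
    if secret == "":
        return ("no_password", "")
    if NATIVE_41.fullmatch(secret):
        return ("hash_41", secret)
    if OLD_16.fullmatch(secret):
        return ("hash_16", secret)
    return ("invalid", f"unexpected value of length {len(secret)}")


def naive_length_check(value):
    """The length-only rule described in the thread: 0, 16 or 41 characters."""
    return len(value) in (0, 16, 41)


# Constructed sample rows; the first mirrors the row posted in the thread.
ROWS = [
    {"User": r"DOMAIN\USERNAME", "Password": "", "plugin": "pam",
     "authentication_string": "mysql"},
    {"User": "app", "Password": "*" + "A1" * 20, "plugin": "",
     "authentication_string": ""},
    {"User": "broken", "Password": "not-a-hash", "plugin": "",
     "authentication_string": ""},
]

if __name__ == "__main__":
    for r in ROWS:
        print(r["User"], classify_account(r))
```

The length-only rule rejects the PAM row because "mysql" has 5 characters, while the plugin-aware check reports it as an externally authenticated account and still flags a malformed value on a password-based account.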
