
PAM Authentication Plugin and External Services FAQ; MySQL Enterprise Security (Doc ID 1521951.1)

Last updated on FEBRUARY 27, 2020

Applies to:

MySQL Server - Version 5.5 and later
Information in this document applies to any platform.
There is quite a range of different LDAP servers available, but this article focuses on OpenLDAP and how it relates to Active Directory, as the most common scenario.

Purpose

This FAQ answers some of the questions that arise when configuring MySQL Enterprise Security to allow PAM to authenticate via an external service such as LDAP or Kerberos. It does not contain detailed steps, but explains some of the common pitfalls that may occur when configuring the service.

Questions and Answers



In this Document
Purpose
Questions and Answers
 Q. What versions of MySQL Server can use MySQL Enterprise Security PAM authentication?
 Q. What PAM service file is used by MySQL Enterprise Security to allow authentication outside of the MySQL Server?
 Q. Do all the different stages of PAM need to be implemented for authentication to work?
 Q. How can I see if the plugin is producing errors?
 Q. Which is the easiest protocol to configure for PAM to authenticate MySQL accounts?
 Q. Why do I get BINDPW is not a valid option when updating /etc/openldap/ldap.conf?
 Q. Do I have to use anonymous binding for Active Directory for PAM to authenticate correctly?
 Q. I have ldapsearch working, but the PAM authentication still shows an error authenticating - what is wrong?
 Q. Can I just use Kerberos and be done with it?
 Q. What if I am using another LDAP server instead of OpenLDAP?
 Q. Are newer forms of protocol supported such as Heimdal Kerberos?
 Q. Can you support new forms of protocol for authentication e.g. biometrics, OpenID etc?
References
