Pam_Mysql Version 0.5

To try this, you need PAM to already be installed and working and have a
MySQL server up and running as well. I typically copy the pam_mysql.so to
/lib/security and make the proper changes to /etc/pam.d/ and /etc/pam.conf

An example of a simple config file:
auth       optional     pam_mysql.so user=root passwd=password
account    required     pam_mysql.so user=root passwd=password

OPTIONS
-------
The module options are listed below with default in ()s:

user("nobody")
    The user with access to open the connection to MySQL
    and has permission to read the table with the passwords.

passwd("")
    Password for the MySQL user.

host("localhost")
    Machine that is running the MySQL server.

db("mysql")
    Name of database that contains the table with the user/password
    combos.

table("user")
    Name of table that you want to use for the user/password checking.
    This can be a series of tables with full JOIN-style syntax if you
    want more complex control.  For example:
        [table=Host LEFT JOIN HostUser ON HostUser.host_id=Host.id \
                    LEFT JOIN User ON HostUser.user_id=User.id]

update_table
    Name of table you want to use for password updates.  If this is
    not defined, the value of the "table" option will be used.  This
    is handy if you have a complex JOIN instead of a simple table in
    the "table" option above.

usercolumn("user.User")
    Name of column that has the unix login name field.  Should be
    fully qualified.

passwdcolumn("user.password")
    Name of column that has the password field.  Should be fully
    qualified.

crypt(0)
    Used to decide how to encrypt with the user's password:
       0 = No encryption.  Passwords in database in plaintext. NOT recommended!
       1 = Use crypt
       2 = Use MySQL PASSWORD() function

where("")
    Used to specify additional criteria for the query. Not that you probably
    need to use libpam's extended option format. For example:
	    [where=Host.name="web" AND User.active=1]

md5(Y)
    Used to decide if passwords should be encrypted using MD5

sqllog(N)
    Used to turn on/off logging to MySQL database (instead of syslog)

logtable("")
    Table name for MySQL logging

logmsgcolumn(""), logusercolumn(""), loghostcolumn(""), logtimecolumn("")
    Column names in table specified by logtable


BUGS
----
Users names and passwords are logged in the clear to mysql.log if you log
select statements... Current solution, don't log select statements. (Not
sure why you'd want to anyway, slogs your system down badly!)
