GRANT Syntax using PAM

The following example creates a new user, where pam_service is a placeholder for the actual PAM service name to use. In this example, PAM will look for a configuration file named /etc/pam.d/pam_service. However, you must change pam_service to the actual PAM service name, and not leave it as pam_service.

GRANT ALL ON *.* to 'singlestore-db_user'@'127.0.0.1' IDENTIFIED WITH authentication_pam AS 'pam_service';

As most Linux/Unix systems have a PAM service at /etc/pam.d/sshd, there's a straightforward way to test SingleStoreDB and PAM. The following example creates a new 'steve' database user with the default authentication scheme on the host – and the same password 'steve' uses for SSH.

GRANT ALL ON *.* to 'steve'@'localhost' IDENTIFIED WITH authentication_pam as 'sshd';

Granting permissions to an existing database user via the GRANT command should be done using only the username without the IDENTIFIED WITH clause.