It seems to be a known limitation that MaxScale does not yet support mysql_clear_password for PAMAuth and PAMBackendAuth. The code contains this TODO to add support for it:
/* PAM client helper plugin name, TODO: add support for "mysql_clear_password" */
const std::string DIALOG = "dialog";
The following PAMBackendAuth code seems to explicitly check that the backend server asked MaxScale to use the "dialog" plugin:
But I don't think this particular code can even be reached, because if the backend server does not ask MaxScale to use the "dialog" plugin, then it will fail before that here:
And throw this error message:
2019-05-10 14:41:24 error : (12901) [PAMBackendAuth] Length of server AuthSwitchRequest packet was '37', expected '23'. Only simple password-based PAM authentication with one call to the conversation function is supported.
Regardless, I think MaxScale should also support the mysql_clear_password plugin for PAMAuth and PAMBackendAuth. If it does not, then it cannot be used with servers that have pam_use_cleartext_plugin set, which is sometimes needed for compatibility.