Maybe I'm missing something, but why would you patch SSH instead of just using something like pam_mysql and nscd?

Previous, but still inconclusive, discussion about the same matter:

https://news.ycombinator.com/item?id=895072

It's not clear from the post if they're still using a custom patch. It looks like the fairly new option AuthorizedKeysCommand could save them some work, since you can plug in an arbitrary external script that way.