in reply to Re: Re: passing parameters
in thread passing parameters

I didn't even look at this, but Corion is right to mention it - your SQL is constructed very poorly. Instead, it should be:
    # placeholder instead of interpolating $username into the SQL text
    my $sql = "SELECT pass FROM password WHERE username = ?";
    my $sth = $dbh->prepare_cached($sql)
        || die "Cannot prepare '$sql'\n";
    # the value is passed separately, so it is never parsed as SQL
    $sth->execute($username)
        || die "Cannot execute '$sql' with '$username'\n";
The reason being that it will help protect against attacks. For example, let's say $username is q{'; delete from password where username != 'NOT THERE''}. You'll lose all your password table entries.

------
We are the carpenters and bricklayers of the Information Age.

Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

Replies are listed 'Best First'.
Re: Re3: passing parameters
by diotalevi (Canon) on Jul 21, 2003 at 14:04 UTC

    Or even more simply, q{' or '1' = '1} which means that it is always true and the person can login without knowing any passwords.
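The two inputs quoted in this thread (the stacked DELETE above and diotalevi's tautology) can be checked side by side against the interpolated query and the placeholder version. The following is an added example, not code from either poster; it recasts the DBI idea in Python's DB-API with an in-memory SQLite table (the table name, columns and rows are constructed for the demo), and the function names `lookup_interpolated`, `lookup_bound` and `row_count` are my own.

```python
import sqlite3

# Constructed sample data: a tiny password table like the one in the thread.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE password (username TEXT, pass TEXT)")
    conn.executemany("INSERT INTO password VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_interpolated(conn, username):
    """The pattern the thread criticises: the untrusted value is pasted into
    the SQL text, so quote characters in it change the statement's meaning.
    Returns the list of pass values the query yields."""
    sql = "SELECT pass FROM password WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, username):
    """The fixed pattern: a ? placeholder, value handed to the driver
    separately. The driver treats it as data, never as SQL syntax."""
    sql = "SELECT pass FROM password WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def row_count(conn):
    """How many password rows survive; used to confirm nothing was deleted."""
    return conn.execute("SELECT COUNT(*) FROM password").fetchone()[0]


def demo():
    """Run both lookups against the two inputs quoted in the thread and
    return a summary dict the caller (or a test) can inspect."""
    conn = make_db()
    tautology = "' or '1' = '1"                                   # diotalevi's input
    stacked = "'; delete from password where username != 'NOT THERE''"  # the DELETE input

    summary = {
        # a normal username behaves the same either way
        "normal_interpolated": lookup_interpolated(conn, "alice"),
        "normal_bound": lookup_bound(conn, "alice"),
        # tautology: interpolation makes the WHERE clause true for every row,
        # so a login check that only asks "did we get a row?" passes
        "tautology_interpolated": sorted(lookup_interpolated(conn, tautology)),
        "tautology_bound": lookup_bound(conn, tautology),
        # stacked DELETE: bound, it is just a username nobody has
        "stacked_bound": lookup_bound(conn, stacked),
        "rows_after": row_count(conn),
    }
    return summary


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stacked-DELETE input is deliberately not run through `lookup_interpolated` here: Python's `sqlite3.Cursor.execute` refuses strings containing more than one statement and raises `ProgrammingError`, which hides the problem rather than fixing it, since other drivers and databases do accept stacked statements. The tautology case needs no second statement and shows the defect with any driver: the interpolated query returns every row while the bound query returns none.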