memcached从1.4.3版本开始,能支持SASL认证51Testing软件测试网{%VM'Vt|$YG
比较适合多个应用共用一个memcached集群
to1E&_4T3|`s3N0需要在编译时,加上–enable-sasl选项51Testing软件测试网(Y![-j*v6v7{J
启动memcached时,增加-S的选项51Testing软件测试网k%s!FZ|
./configure –prefix=%{datadir} –enable-sasl51Testing软件测试网7V Q:E_m$S'jQ5@G-A
/usr/local/bin/memcached -S -d -u nobody
6xch"JeH8fnE0
SASL认证也可以有很多种认证机制,比如pam,shadow,ldap等
yVM
F$~*L|,s;h4L0 51Testing软件测试网+v9U:a[!?Xu
下面配置成使用shadow方式去认证
OQ@6Y0Yc&uj0#修改/etc/sysconfig/saslauthd文件
g)P2D\S X0MECH=shadow
|!e@3Z'bw{,a|gs0#设置用户的SASL认证密码
'c
Ak \qjf3z0saslpasswd2 -c -a memcached memuser51Testing软件测试网8P#]f!D.qi;zz
#最终生成的DB文件在/etc/下51Testing软件测试网 T-rpy3wN8w @_
-rw-r—– 1 root root 12288 Mar 6 11:52 /etc/sasldb2
oX|G*Ca"}0#可以查看当前的SASL用户
'j5s5]a-l6}-],Q0sasldblistusers2
t0b&}lz'ZX~0
51Testing软件测试网e[#F`Y`
下面配置成通过pam-mysql使用mysql数据库的方式去认证
'F2Wyn#nl-j3ud]0#首先安装pam-mysql51Testing软件测试网y&h ai9J7r Z-{
wget "http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz"51Testing软件测试网xw%P?
c5G
./configure –with-mysql=/opt/apps_install/mysql-5.5.17
5W3F7i0D(IPpa}0make & make install
feL5yi6D0#增加一个软链接51Testing软件测试网$_?|'FQV4FnZL
ln -s /lib/security/pam_mysql.so /lib64/security/pam_mysql.so
c2H
sN^2Y u0#修改saslauthd配置51Testing软件测试网*ymO'e[wJ s9VP
MECH=pam51Testing软件测试网fkY1Jd-ia
#编辑pam.d的memcached配置51Testing软件测试网^Q9y(NuR
j#Qr
auth sufficient pam_mysql.so user=sasl passwd=saslpwd host=xxx db=dbname table=t_app_info usercolumn=appid passwdcolumn=secret crypt=0 sqllog=1 verbose=151Testing软件测试网J;D3n/q_gFB{
account required pam_mysql.so user=sasl passwd=saslpwd host=xxx db=dbname table=t_app_info usercolumn=appid passwdcolumn=secret crypt=0 sqllog=1 verbose=151Testing软件测试网Sb(d0|6a6K-}$lg
#新增加memcached的配置文件/etc/sasl2/memcached.conf
*tg%n,a$W_JU n.l0pwcheck_method: saslauthd51Testing软件测试网Kh2q"a#]'~
#重启saslauthd51Testing软件测试网T1SICD'MQ qn
/etc/init.d/saslauthd restart
%LIYZ6g la0#测试saslauthd认证已经成功51Testing软件测试网8iXI4l*Q|&Xig
/usr/sbin/testsaslauthd -s /etc/pam.d/memcached -u 10000 -p pwd51Testing软件测试网%`3V,B#yvF&m].{,X3s
0: OK "Success."51Testing软件测试网)V!S_ yx5_0Oii
51Testing软件测试网;u}t[J3RC!|
memcached的java client,如spymemcached和xmemcached都已经支持SASL认证了51Testing软件测试网 [k*d a3LF
#xmemcached认证示例
FlH+}-V4s0MemcachedClientBuilder builder = new XMemcachedClientBuilder(AddrUtil.getAddresses("10.x.xx.xx:11211"));51Testing软件测试网O}1G\$@*]
builder.addAuthInfo(AddrUtil.getOneAddress("10.x.xx.xx:11211"), AuthInfo.plain("10000", "pwd"));
7EiL
]W8Lv0builder.setCommandFactory(new BinaryCommandFactory());51Testing软件测试网"G ~1[:x|g%j:?
]t
client=builder.build();51Testing软件测试网-y7F+Q&WitI dV
String v = client.get("test2");
z9xK+i2v1ml0
python版本的pylibmc也支持SASL认证
"]${-js2iwxTx;U#{051Testing软件测试网:f
S.Ak2~gxV'I 51Testing软件测试网@:dqR7WO#Fj