memcached从1.4.3版本开始,能支持SASL认证51Testing软件测试网�H�~�@�N�f&Z)E�T
比较适合多个应用共用一个memcached集群
&~ A j.z!n�|&c�Y�}0需要在编译时,加上–enable-sasl选项
2k�d�I
h'r�D�g0启动memcached时,增加-S的选项
,c�I�z2]�`,J�g0./configure –prefix=%{datadir} –enable-sasl
�D�l�E&~;L7`�z9{�t0/usr/local/bin/memcached -S -d -u nobody
�M�f
T�L�j3O3p�^�L0
SASL认证也可以有很多种认证机制,比如pam,shadow,ldap等51Testing软件测试网�c \�w z'[0^;m�t�f
9w�T7S-T�R�I3?6E0下面配置成使用shadow方式去认证51Testing软件测试网-?,L�{�a+a-s�t�f0E
#修改/etc/sysconfig/saslauthd文件51Testing软件测试网1c�d�`+W�x�B"f*`�U�Q
MECH=shadow
.L;|�Q't�N0#设置用户的SASL认证密码51Testing软件测试网�a�R&h�m$R'Q�P/?'E�a)x
saslpasswd2 -c -a memcached memuser
T1~3E�G
W0#最终生成的DB文件在/etc/下51Testing软件测试网!O5f�f.g'j;v�k-^
P�I�|
-rw-r—– 1 root root 12288 Mar 6 11:52 /etc/sasldb2
X�J�m-e0b�x.v�f�J0#可以查看当前的SASL用户
�Z1^"T&u-N8P�Z�[0sasldblistusers2
�w,s*H"@�_!^�s0
a�V2K6Q�b�z�m&_0下面配置成通过pam-mysql使用mysql数据库的方式去认证
�w#D�m1X9Y(?�D�X�y+h0#首先安装pam-mysql51Testing软件测试网�l,T�t�P.U&o
wget "http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz"51Testing软件测试网�E(A�M3l8]�{*B�q
./configure –with-mysql=/opt/apps_install/mysql-5.5.17
Y�f�s%\ K
V�v,{�Y#q0make & make install51Testing软件测试网1N�J�\�e�C9g
#增加一个软链接
�{6Q;d ]�V�Q8~0ln -s /lib/security/pam_mysql.so /lib64/security/pam_mysql.so51Testing软件测试网�T�z�z�R�W8H�x
#修改saslauthd配置
2U�t
j&\�Q0MECH=pam51Testing软件测试网�n!M�t�V�T�p6M
#编辑pam.d的memcached配置
,F*|�[3i�}�O�S�K0auth sufficient pam_mysql.so user=sasl passwd=saslpwd host=xxx db=dbname table=t_app_info usercolumn=appid passwdcolumn=secret crypt=0 sqllog=1 verbose=151Testing软件测试网�e�g*L�n2M�@
account required pam_mysql.so user=sasl passwd=saslpwd host=xxx db=dbname table=t_app_info usercolumn=appid passwdcolumn=secret crypt=0 sqllog=1 verbose=1
+~&P0C
m,_�A�`&a�H'a0#新增加memcached的配置文件/etc/sasl2/memcached.conf51Testing软件测试网9L9I�G$K�j%t
pwcheck_method: saslauthd
�g$v*F c.C*h0#重启saslauthd51Testing软件测试网�m�`1X�["[�u
/etc/init.d/saslauthd restart
�H+P�s J�r�l-D�S�^�z0#测试saslauthd认证已经成功51Testing软件测试网'`�C:w6]�N�A�J,h j
/usr/sbin/testsaslauthd -s /etc/pam.d/memcached -u 10000 -p pwd
)Q7B#?"Q�b�p00: OK "Success."
�I%i0N Z�A�d:H�x�d0
51Testing软件测试网'G�g�d _ K�V:h�N�s/?�R9?
memcached的java client,如spymemcached和xmemcached都已经支持SASL认证了
�m�i�~3f.Z�W
f0#xmemcached认证示例
:J*Z�W�y&Q�]�H�Z0MemcachedClientBuilder builder = new XMemcachedClientBuilder(AddrUtil.getAddresses("10.x.xx.xx:11211"));51Testing软件测试网3v*L�w�N�q'V�Q"N�K
builder.addAuthInfo(AddrUtil.getOneAddress("10.x.xx.xx:11211"), AuthInfo.plain("10000", "pwd"));
.C(U!s�R�o�F;R0builder.setCommandFactory(new BinaryCommandFactory());51Testing软件测试网�H+k�g�G"v
client=builder.build();51Testing软件测试网�H�|8J�C"s�{%v W
String v = client.get("test2");
^0v�~�`"P:r�t�F�Z$m�D�@0
python版本的pylibmc也支持SASL认证
�j�r�}�Z�}�n;x�A051Testing软件测试网/z�~3w�o+_
P 51Testing软件测试网0u�v%o�z4\"a"u
