memcached从1.4.3版本开始,能支持SASL认证51Testing软件测试网H~@Nf&Z)ET
比较适合多个应用共用一个memcached集群
&~ A j.z!n|&cY}0需要在编译时,加上–enable-sasl选项
2kdI
h'rDg0启动memcached时,增加-S的选项
,cIz2]`,J g0./configure –prefix=%{datadir} –enable-sasl
DlE&~;L7`z9{t0/usr/local/bin/memcached -S -d -u nobody
Mf
TLj3O3p^L0
SASL认证也可以有很多种认证机制,比如pam,shadow,ldap等51Testing软件测试网c \w z'[0^;mtf
9wT7S-TRI3?6E0下面配置成使用shadow方式去认证51Testing软件测试网-?,L{a+a-stf0E
#修改/etc/sysconfig/saslauthd文件51Testing软件测试网1cd`+WxB"f*`UQ
MECH=shadow
.L;|Q'tN0#设置用户的SASL认证密码51Testing软件测试网aR&hm$R'QP/?'Ea)x
saslpasswd2 -c -a memcached memuser
T1~3EG
W0#最终生成的DB文件在/etc/下51Testing软件测试网!O5ff.g'j;vk-^
PI|
-rw-r—– 1 root root 12288 Mar 6 11:52 /etc/sasldb2
XJm-e0bx.vfJ0#可以查看当前的SASL用户
Z1^"T&u-N8PZ [0sasldblistusers2
w,s*H"@_!^s0
aV2K6Qbzm&_0下面配置成通过pam-mysql使用mysql数据库的方式去认证
w#Dm1X9Y(?DXy+h0#首先安装pam-mysql51Testing软件测试网l,TtP.U&o
wget "http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz"51Testing软件测试网E(AM3l8]{*Bq
./configure –with-mysql=/opt/apps_install/mysql-5.5.17
Yfs%\ K
Vv,{Y#q0make & make install51Testing软件测试网1NJ\eC9g
#增加一个软链接
{6Q;d ]VQ8~0ln -s /lib/security/pam_mysql.so /lib64/security/pam_mysql.so51Testing软件测试网TzzRW8Hx
#修改saslauthd配置
2Ut
j&\Q0MECH=pam51Testing软件测试网n!MtVTp6M
#编辑pam.d的memcached配置
,F*|[3i}OSK0auth sufficient pam_mysql.so user=sasl passwd=saslpwd host=xxx db=dbname table=t_app_info usercolumn=appid passwdcolumn=secret crypt=0 sqllog=1 verbose=151Testing软件测试网eg*Ln2M@
account required pam_mysql.so user=sasl passwd=saslpwd host=xxx db=dbname table=t_app_info usercolumn=appid passwdcolumn=secret crypt=0 sqllog=1 verbose=1
+~&P0C
m,_A `&aH'a0#新增加memcached的配置文件/etc/sasl2/memcached.conf51Testing软件测试网9L9IG$Kj%t
pwcheck_method: saslauthd
g$v*F c.C*h0#重启saslauthd51Testing软件测试网m`1X["[u
/etc/init.d/saslauthd restart
H+Ps Jrl-D S^z0#测试saslauthd认证已经成功51Testing软件测试网'` C:w6]NAJ,h j
/usr/sbin/testsaslauthd -s /etc/pam.d/memcached -u 10000 -p pwd
)Q7B#?"Qb p00: OK "Success."
I%i0N ZAd:Hxd0
51Testing软件测试网'Ggd _ KV:hNs/?R9?
memcached的java client,如spymemcached和xmemcached都已经支持SASL认证了
mi~3f.Z W
f0#xmemcached认证示例
:J*ZWy&Q]HZ0MemcachedClientBuilder builder = new XMemcachedClientBuilder(AddrUtil.getAddresses("10.x.xx.xx:11211"));51Testing软件测试网3v*LwNq'VQ"NK
builder.addAuthInfo(AddrUtil.getOneAddress("10.x.xx.xx:11211"), AuthInfo.plain("10000", "pwd"));
.C(U!sRoF;R0builder.setCommandFactory(new BinaryCommandFactory());51Testing软件测试网H+kgG"v
client=builder.build();51Testing软件测试网H|8JC"s{%v W
String v = client.get("test2");
^0v~`"P:rtFZ$mD@0
python版本的pylibmc也支持SASL认证
jr}Z}n;xA051Testing软件测试网/z~3wo+_
P 51Testing软件测试网0uv%oz4\"a"u