Thursday, February 25, 2010

Memcached with SASL on OpenSolaris

You may have tried to build memcached with SASL support on OpenSolaris with the following result:

trond@opensolaris< ./configure --enable-sasl
[ ... cut ... ]
checking sasl/sasl.h usability... yes
checking sasl/sasl.h presence... yes
checking for sasl/sasl.h... yes
checking for library containing sasl_server_init... no
configure: error: Failed to locate the library containing sasl_server_init

This is because configure only tries to look for sasl_server_init in libsasl2, and OpenSolaris use libsasl instead. Yesterday I pushed a fix to my github repository that search for the symbol in libsasl as well.

Configuring SASL may also be a challenge (I want to spend my time writing code, not be a system administrator), so I decided to add support for plaintext passwords as well. You probably don't want to use this on your production servers, but it comes in really handy if you just want to test your favorite client.

You enable support for plaintext password by passing --enable-sasl-pwdb to configure. I didn't want to spend any time to writing a new parser or come up with a new file format, so I decided to use fgetspent_r to read the password file. This means that as long as you follow the format for a shadow file, you're good to go :-) You have to set the name of the file to use as the password file in the environment variable MEMCACHED_SASL_PWDB:

trond@opensolaris> echo "myname:mypass:::::::" > /tmp/memcached-sasl-db
trond@opensolaris> export MEMCACHED_SASL_PWDB=/tmp/memcached-sasl-db

With a password file in place, you have to create a config file for SASL to instruct it to use plain text password authentication:

trond@opensolaris> echo "mech_list: plain" > memcached.conf

If you don't want to install this as the global configuration for memcached, you should specify the location of the file in SASL_CONF_PATH:

trond@opensolaris> export SASL_CONF_PATH=`pwd`/memcached.conf

You then start the memcached deamon with "-S" to enable SASL authentication:

trond@opensolaris> ./memcached -S -d

So let's run some commands to the server and see how this works. I'm using the SASL support I implemented in libmemcached (not integrated yet, but you may download it from https://code.launchpad.net/~trond-norbye/libmemcached/sasl):

trond@opensolaris> ./memcp --servers=localhost:11211 --binary \
                                                    --username=myname --password=inncorrect \
                                                    memcp.c
memcp: memcp.c: memcache error AUTHENTICATION FAILURE
trond@opensolaris> ./memcp --servers=localhost:11211 --binary \
                                                    --username=myname --password=mypass \
                                                    memcp.c
trond@opensolaris> ./memcat --servers=localhost:11211 --binary \
                                                     --username=myname --password=mypass \
                                                     memcp.c
[ ... output of memcp.c ... ]
That's all for now. Happy hacking :-)

No comments:

Post a Comment

Post a Comment