Module Hub Beta


Linux Pluggable Authentication Module‚Äč (PAM) for Redis


This module replaces the original Redis AUTH command with an alternative implementation that uses the Linux PAM facility to authenticate users.

This module should be used as a proof of concept only. It provides an extreme example of how modules can extend Redis beyond the standard Redis Module API.

Quick start guide:

  1. Build a Redis server with support for modules.
  2. Create a REDIS_SRC_DIR environment variable that points to your Redis source code: export REDIS_SRC_DIR=<dir>.
  3. Build the password module: make
  4. To load the module, Start Redis with the --loadmodule /path/to/ option, add it as a directive to the configuration file or send a MODULE LOAD command.

What it does:

This module does not create new commands, it only modifies the way AUTH works.

Once loaded, AUTH expects users to provide both username and password in the format <user>:<password>. This is validated against PAM as a redis service authentication request.

The requirepass settings is ignored as long as the module remains loaded in Redis.

Why use PAM

There are several benefits for using PAM:

  • Rely on OS user authentication, using same credentials use for OS access.
  • Advanced OS authentication configuration such as Active Directory/LDAP membership.
  • Additional security features are “for free”, like failed login throttling, granular restrictions based on source IP address, etc.
© 2017 Redis Labs, Inc. All rights reserved.