Install and Secure Memcached with SASL on Ubuntu 20.04

Memcached is a free, distributed in-memory caching system that temporarily stores data and objects—such as common database queries, API responses, session details, or computed results—in RAM. It integrates with modern applications to minimize repetitive operations like database access, improving response times and reducing server load.

This guide explains how to install Memcached on Ubuntu 20.04 and configure it with SASL (Simple Authentication and Security Layer) to ensure secure client connections.

Prerequisites

Before getting started, make sure you have:

• An Ubuntu 20.04 server
• SSH access as a non-root user with sudo privileges
• An updated server environment

Installing Memcached

Memcached is included in Ubuntu 20.04’s default repositories and can be installed using the APT package manager. If you need a specific version, you may also compile it from source. The steps below explain how to install Memcached and configure it to start on boot.

Update the server package index

$ sudo apt update

Install Memcached and required tools

$ sudo apt install memcached libmemcached-tools -y

Verify the installed Memcached version

$ memcached --version

Output:

memcached 1.5.22

Enable and start the Memcached service

$ sudo systemctl enable memcached
$ sudo systemctl start memcached

Configuring Memcached

Memcached uses the /etc/memcached.conf file to define parameters like port number, memory allocation, connection limits, and listening address. The instructions below outline how to adjust these settings and verify that Memcached is working properly.

Open the configuration file

$ sudo nano /etc/memcached.conf

Enable SASL authentication

Add -S at the end of the file, just after -P /var/run/memcached/memcached.pid:

...
-P /var/run/memcached/memcached.pid
-S

Enable verbose logging

Uncomment the following line to log detailed activity to /var/log/memcache:

-v

Set connection limits

Uncomment and modify the following line to define your preferred maximum number of simultaneous connections:

-c 1024

Check the connection port

Confirm or change the port Memcached uses:

# Default connection port is 11211
-p 11211

Restrict network access

Ensure the following directive limits access to localhost. Update it with your public or VPC IP if remote connections are needed:

-l 127.0.0.1
-l ::1

Save your changes and restart Memcached:

$ sudo systemctl restart memcached

Securing Memcached with SASL

By default, Memcached doesn’t require authentication, which can leave it exposed. Enabling SASL ensures user verification before granting access. Follow these steps to install and set up SASL support for Memcached.

Install SASL package

$ sudo apt install sasl2-bin -y

Create SASL configuration directory and file

$ sudo mkdir /etc/sasl2
$ sudo nano /etc/sasl2/memcached.conf

Add SASL configuration

log_level: 5
mech_list: plain
sasldb_path: /etc/sasl2/memcached-sasldb2

Explanation:

• log_level: Enables detailed logging (level 5)
• mech_list: Specifies authentication mechanism—plain uses simple username/password
• sasldb_path: Sets the path for the SASL authentication database

Create a SASL user

Replace example-user with your actual username:

$ sudo saslpasswd2 -a memcached -c -f /etc/sasl2/memcached-sasldb2 example-user

Assign permissions and restart Memcached

$ sudo chown memcache:memcache /etc/sasl2/memcached-sasldb2
$ sudo systemctl restart memcached

Check Memcached service status

$ sudo systemctl status memcached

List SASL users

$ sudo sasldblistusers2 -f /etc/sasl2/memcached-sasldb2

Output:

example-user@ubuntu20: userPassword

Test Memcached authentication

Use the command below to verify login. Replace credentials with your actual values:

$ memcstat --binary --servers="127.0.0.1" --username='example-user@ubuntu20' --password=strong-password

Successful output:

Server: 127.0.0.1 (11211)
    pid: 5090
    uptime: 570
    time: 1743878810
    version: 1.5.22
    libevent: 2.1.11-stable
    pointer_size: 64
    rusage_user: 0.052240
    rusage_system: 0.043533
    max_connections: 1024
    curr_connections: 2
    total_connections: 10
    rejected_connections: 8

Connect to Memcached

Memcached can be integrated with many application frameworks such as PHP, Perl, Python, Ruby, and Java. To verify connectivity using PHP, follow these steps.

Install PHP and Memcached module

$ sudo apt install php php-memcached -y

Create a PHP test script

$ nano memcached.php

Add the following code

Replace example-user@ubuntu20 and strong-password with your real authentication details.

setOption(Memcached::OPT_BINARY_PROTOCOL, true);
$memcached->addServer('127.0.0.1', 11211);
$memcached->setSaslAuthData('example-user@ubuntu20', 'strong-password');

// Set and retrieve a value to test the connection
$memcached->set('example', 'Greetings from centron!');
echo $memcached->get('example');
?>

Save and close the file.

The PHP script above connects to Memcached using the specified credentials and binary protocol. It creates a key named example with the value Greetings from centron!, stores it in Memcached’s memory, and retrieves it through the $memcached variable.

Run the PHP script

$ php memcached.php

Output:

Greetings from centron!

If you see the above output, the PHP script has successfully connected to Memcached, created the key example, and stored and retrieved the corresponding value from memory.

Conclusion

You’ve now installed Memcached on Ubuntu 20.04 and configured it for secure integration with application frameworks like PHP. Memcached improves server performance by caching frequently accessed data—such as database queries—directly in memory, significantly reducing response time and server load.