-Y [filename] for ascii authentication mode

Loads "username:password\n" tokens (up to 8) out of a supplied authfile.

If enabled, disables binary protocol (though may be able to enable both
if sasl is also used?).

authentication is done via the "set" command. A separate handler is
used to avoid some hot path conditionals and narrow the code
executed in an unauthenticated state.

ie:

set foo 0 0 7\r\n
foo bar\r\n

returns "STORED" on success. Else returns CLIENT_ERROR with some
information.

Any key is accepted: if using a client that doesn't try to authenticate
when connecting to a pool of servers, the authentication set can be
tried with the same key as one that failed to coerce the client to
routing to the correct server. Else an "auth" or similar key would
always go to the same server.

1 files changed, 17 insertions, 0 deletions

diff --git a/doc/protocol.txt b/doc/protocol.txt
index e00b6de..b569bc7 100644
--- a/doc/protocol.txt
+++ b/doc/protocol.txt
@@ -123,6 +123,23 @@ In the descriptions of individual commands below, these error lines
 are not again specifically mentioned, but clients must allow for their
 possibility.
 
+Authentication
+--------------
+
+Optional username/password token authentication (see -Y option). Used by
+sending a fake "set" command with any key:
+
+set <key> <flags> <exptime> <bytes>\r\n
+username password\r\n
+
+key, flags, and exptime are ignored for authentication. Bytes is the length
+of the username/password payload.
+
+- "STORED\r\n" indicates success. After this point any command should work
+  normally.
+
+- "CLIENT_ERROR [message]\r\n" will be returned if authentication fails for
+  any reason.
 
 Storage commands
 ----------------