Issue 316 in memcached: SASL authentication allows wrong credentials to access memcache

[memcached]

Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 316 by ras...@renderedtext.com: SASL authentication allows wrong  
credentials to access memcache
http://code.google.com/p/memcached/issues/detail?id=316

What steps will reproduce the problem?
1. Ran memcached server with following flags -S -d -m 1024 0.0.0.0 -p 11211  
-u ubuntu
2. Add user with saslpasswd2 -a memcached -c newuser
3. Pointed cached store: dalli_store, 'domain.com:11211', { :username =>  
newuser, :password *** } (I am using dalli gem in Rails application)
4. When I try to access memcache with wrong credentials, on the first try I  
get message that authentication failed, which is fine. But, when I try  
again to access the cache it lets me do it even I have provided wrong  
credentials.

What is the expected output? What do you see instead?

After failed authentication I shouldn't be able to access memcached and be  
able to both read and write in it. When I try to access memcache without  
providing any credentials I get rejected every time, which is what I  
expect. Also when I provide valid credentials I get a message that SASL  
authentication was successfull and then I have access to memcached, which  
is also what I expect.

What version of the product are you using? On what operating system?

I am using memcached 1.4.10 and libevent 1.4.9 on Ubuntu 10.04.2 LTS

Please provide any additional information below.

These are the steps that I followed when installing memcached with SASL:

libevent:

    cd /usr/src/
    wget http://www.monkey.org/~provos/libevent-1.4.9-stable.tar.gz
    tar xvfz libevent-1.4.9-stable.tar.gz
    cd libevent-1.4.9-stable
    ./configure
    make
    make install

SASL packages:

    sudo apt-get -f install libsasl2-2 sasl2-bin libsasl2-dev  
libsasl2-modules

memcached:

    cd /usr/src/
    wget http://memcached.googlecode.com/files/memcached-1.4.10.tar.gz
    tar -xzf memcached-1.4.10.tar.gz
    cd memcached-1.4.10
    ./configure --enable-sasl
    make
    make install

I am starting memcached with following command:

    memcached -S -d -m 1024 0.0.0.0 -p 11211 -u ubuntu


--
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--

--- 
You received this message because you are subscribed to the Google Groups "memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.