Read the 30 lines around where I said, not just that line.
though I guess it's just:
system("echo testpass | $saslpasswd_path -a memcached -c -p testuser");
so that means:
echo "testpass" | saslpasswd2 -a memcached -c -p testuser
if you run that from the same directory as your memcached.conf (or use -f
to point to it?), it should create the file properly.
I'm saying to use the tool instead of just putting the username/password
into the file, and also using the sasldb_path: argument in memcached.conf
to point to the sasldb, instead of the environment variable.
On Fri, 6 Apr 2018, Om Kale wrote:
> Hey Dormando,
> Ok. When I look at the 't/binary-sasl.t' and search for the section you
> mentioned,
> I see this:
>
> # Build the auth DB for testing.
>
> my $sasldb = '/tmp/test-memcached.sasldb';
>
> unlink $sasldb;
>
>
> In the t/sasl/memcached.conf, I see the following:
> mech_list: plain cram-md5
> log_level: 5
> sasldb_path: /tmp/test-memcached.sasldb
>
> Now, let me know what I need to do....a bit confused.
> Do I need to change any of the above or do I create test-memcached.sasldb
> under tmp on my machine, add a username:password to it and then run
> ./configure
> followed by make?
>
>
>
>
> Thanks and Regards,Om Kale
>
>
> On Fri, Apr 6, 2018 at 2:48 PM, dormando <[email protected]> wrote:
> Just for sanity's sake, if you look at: t/sasl/memcached.conf in the
> tarball, and look at t/binary-sasl.t (look for the section starting with
> "my $sasldb =", and build a passwd + configure the pwdb that way, does
> it
> work?
>
> to reiterate; the test config file explicitly declares the path for the
> db
> within memcached.conf, and then adds the passwords to it via the
> saslpasswd tool.
>
> Would help rule things out anyway. thanks!
>
> On Fri, 6 Apr 2018, Om Kale wrote:
>
> > Yup, it will be really helpful if you could try and reproduce it.
> > Yes...that's the thing I was wondering, 'no secret in database' means
> its able to reach the database, but unable to read/load the
> memcached-sasl-pwdb
> > file. Additionally, I was wondering, if there is need to write
> additional code for some shared secret at client side or any other
> dependencies.
> > Currently, I am directly using memcached_set_sasl_auth_data function
> in the client.
> >
> > Here are the steps to reproduce:
> > 1. I installed the memcached server with the enable-sasl and
> enable-sasl-db.
> > 2. Wrote a c client as attached in the email.
> > 3. Created a file with the username:password entry named
> memcached-sasl-pwdb as shown before.
> > 4. Created a memcached.conf with mech:plain
> > 5. Ran the server using ./memcached -S -vv
> > 6. Ran the client using ./testsasl username password localhost
> >
> > Couple more things to add:
> > 1. I have followed the following wiki:
> > https://github.com/memcached/memcached/wiki/SASLHowto
> >
> > 2. I haven't used this but added the user:pass in the
> memcached-sasl-pwdb file manually.
> >
> > saslpasswd2 -a memcached -c cacheuser
> > 3. For the SASL library cyrus-sasl-plain, I have installed it, but
> havent used/pointed to it in code or on the server as I did not see
> steps for this.
> >
> > 4.I see its mentioned configure option --enable-sasl-pwdb is not
> working on the wiki, but saw that its there in one of the new PRs.
> > https://github.com/memcached/memcached/issues/365
> >
> >
> > Let me know if you need any additional info from my side.
> >
> > Regards,
> > Om Kale
> >
> >
> >
> > On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote:
> > No secret in database means it thinks the pwdb is empty (or it
> can't
> > load/find the pwdb).
> >
> > I'm not sure why offhand.. I can try to reproduce it but won't
> have time
> > until later today.
> >
> > On Fri, 6 Apr 2018, Om Kale wrote:
> >
> > > Hi Dormando,
> > > Thanks for the quick reply. I used the environment variable
> you suggested before running the memcached server instance:
> > >
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
> > >
> > > I have added the following in my memcached.conf file (so
> basically tells plain text). I have openssl and openldap installed on my
> machine
> > but haven't
> > > specified it any config or pointed to it in the code.
> > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> > > > mech_list: plain
> > >
> > > Now I run:
> > > ./memcached -S -v
> > >
> > > Followed by the client:
> > > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> > > Set failed: AUTHENTICATION FAILURE
> > >
> > > But still get the same error as before on the memcached
> server:
> > > OKALE-M-33H5:memcached-1.5.7 okale$ export
>
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
> > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> > > Reading configuration from:
> </Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf>
> > > Initialized SASL.
> > > mech: ``SRP'' with 15 bytes of data
> > > SASL (severity 2): no secret in database
> > > sasl result code: -4
> > > Unknown sasl response: -4
> > >
> > >
> > >
> > > You could refer to my attached client code above but I still
> don't understand why it says 'no secret in database'.
> > >
> > >
> > >
> > > Thanks and Regards,
> > > Om Kale
> > >
> > >
> > >
> > >
> > >
> > > On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote:
> > >
> > >
> > > On Fri, 6 Apr 2018, Om Kale wrote:
> > >
> > > > and then try to run my client, I get the following
> error on the server:
> > > >
> > > >
> > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> > > > Reading configuration from:
> </Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf>
> > > > Initialized SASL.
> > > > mech: ``SRP'' with 15 bytes of data
> > > > SASL (severity 2): no secret in database
> > > > sasl result code: -4
> > > > Unknown sasl response: -4
> > > >
> > > >
> > > > I have added my username, password in a file called
> memcached-sasl-pwdb which is located at
> > > >
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
> > > >
> > > >
> > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat
> memcached-sasl-pwdb
> > > > ok:hello
> > > >
> > > >
> > > >
> > > > My memcached.conf located at
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and
> contains:
> > > >
> > > >
> > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> > > > mech_list: plain
> > > >
> > > >
> > > > I have a couple of questions:
> > > > 1. How can the memcached server on start up know the
> configured users and the username:password details. (Does it read it
> from
> > > memcached-sasl-pwdb? If
> > > > yes, how do I configure it/point to it?)
> > >
> > > I guess the wiki didn't get fully updated :( If you use
> PWDB, it's via
> > > MEMCACHED_SASL_PWDB as an environment variable, so:
> > > $
> > >
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
> > > ./memcached -S -v
> > >
> > >
> > > > 2. What's the use of the memcached.conf file in the
> "Reading configuration from:
> > >
> </Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf>"
> > >
> > > Stating the supported mechanisms for sasl
> authentication (ie; the at-rest
> > > state of the password data)
> > >
> > > > in the output. I am presuming this read will tell the
> memcached server the username:password details. If yes, what should
> be the
> > location
> > > of this file
> > > > 3. Do I need to install/point to any additional ssl
> libraries during server bring up?
> > >
> > > Should be answered above. Hopefully that works for you
> > >
> > > --
> > >
> > > ---
> > > You received this message because you are subscribed to the
> Google Groups "memcached" group.
> > > To unsubscribe from this group and stop receiving emails from
> it, send an email to [email protected].
> > > For more options, visit https://groups.google.com/d/optout.
> > >
> > >
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> Groups "memcached" group.
> > To unsubscribe from this group and stop receiving emails from it,
> send an email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
> >
> >
>
> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "memcached" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "memcached" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
>
--
---
You received this message because you are subscribed to the Google Groups
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
