Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hey Dormando,
I have figured the stunnel approach and it works. So AUTH is figured out.
Thanks for the guidance. Now. I have one more question about encryption.
SASL requires binary protocol to be enabled. However, if I use binary
protocol, the set encyption key function by libmemcached fails:
void memcached_set_encoding_key(memcached_st
* *ptr*,
const char* *string*, const size_t
* string_length*)¶


When I use the above with binary protocol, the value set using memcached
set and received with memcached get do not match.
Is there a specific reason why only binary protocol can be used for sasl
auth in memcached?



Thanks and Regards,
Om Kale


On Mon, May 7, 2018 at 5:17 PM, dormando  wrote:

> On Mon, 7 May 2018, Om Kale wrote:
>
> > Okcouple of follow up questions on the same:1. Inorder to enable/set
> up stunnel on memcached server, I need to create certificates using
> openssl. How
> > do I execute the openssl certificate generation on memcached server?
> Also, after this how could I distribute this to client?
>
> There are lots of guides online about how to manage certificates; that is
> beyond the scope of this mailing list. I will give you a hint though: that
> you don't need to generate the certificates from any particular place.
>
> > 2. Additionally, when you say 'you can modify libmemcached to use
> OpenSSL directly', you mean setting up the socket connections in client to
> support
> > SSL/TLS, corect?
>
> Yes.
>
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Mon, May 7, 2018 at 1:11 PM, dormando  wrote:
> >   hmm. I guess so...
> >
> >   re: stunnel, as I detailed you still have to get the client
> (libmemcached)
> >   to talk over TLS. For the server, no change.
> >
> >   For the client, you could prototype by having stunnel local to the
> client
> >   and connect through that. so you have stunnel talking to stunnel.
> If
> >   that's not something you can deploy for clients, you can modify
> >   libmemcached to use OpenSSL directly, which should be easier than
> >   modifying the server.
> >
> >   On Mon, 7 May 2018, Om Kale wrote:
> >
> >   > The problem with libsasl2 was regarding license. Also, I am
> unsure if libsasl2 will give me an ability to perform some sort of
> certificate
> >   based
> >   > authentication.One more question I had was, would the use of
> stunnel need any code change with memached codebase?
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   >
> >   > On Mon, May 7, 2018 at 12:40 PM, dormando 
> wrote:
> >   >   Hey,
> >   >
> >   >   Just to be clear: I'm completely positive you can make
> this work with just
> >   >   the libsasl2 that comes with openwrt, you don't need to
> rebuild it. the
> >   >   problem is you can't use sasl over an untrusted network:
> SASL is supposed
> >   >   to be used underneath TLS or a trusted network.
> >   >
> >   >   Either way, try stunnel. that might just make your life
> easier in both
> >   >   directions, it's fairly simple.
> >   >
> >   >   On Mon, 7 May 2018, Om Kale wrote:
> >   >
> >   >   > Hi Dormando and Trond,I think I will first try
> Dormando's suggestion of stunnel before delving into changing the memcached
> code
> >   itself. I
> >   >   haven't read
> >   >   > much about stunnel, so will need to look into it in some
> detail.
> >   >   > Again, thanks a lot for the support. It would have been
> very good if I could have used sasl (using libsasl2) directly but because
> >   of the
> >   >   GPLV3 license
> >   >   > requirements that is a problem.
> >   >   > I will keep you updated with my progress.
> >   >   >
> >   >   >
> >   >   > Thanks and Regards,Om Kale
> >   >   >
> >   >   > On Sat, May 5, 2018 at 4:53 PM, dormando <
> dorma...@rydia.net> wrote:
> >   >   >   > On Fri, May 4, 2018 at 10:46 PM dormando <
> dorma...@rydia.net> wrote:
> >   >   >   >
> >   >   >   >   The closest would be SCRAM-SHA-256/512
> mechanism, but the RFC for that states "in combination with TLS" up front,
> and
> >   I'd be
> >   >   wary of
> >   >   >   using it
> >   >   >   >   over the internet as well.
> >   >   >   >
> >   >   >   >
> >   >   >   > If we ignore TLS for a second and just look at
> SCRAM it is fairly easy to implement a minimalistic support for those
> >   mechanisms
> >   >   within
> >   >   >   SASL. There is
> >   >   >   

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

On Mon, 7 May 2018, Om Kale wrote:

> Okcouple of follow up questions on the same:1. Inorder to enable/set up 
> stunnel on memcached server, I need to create certificates using openssl. How
> do I execute the openssl certificate generation on memcached server? Also, 
> after this how could I distribute this to client?

There are lots of guides online about how to manage certificates; that is
beyond the scope of this mailing list. I will give you a hint though: that
you don't need to generate the certificates from any particular place.

> 2. Additionally, when you say 'you can modify libmemcached to use OpenSSL 
> directly', you mean setting up the socket connections in client to support
> SSL/TLS, corect?

Yes.

>
> Thanks and Regards,Om Kale
>
>
> On Mon, May 7, 2018 at 1:11 PM, dormando  wrote:
>   hmm. I guess so...
>
>   re: stunnel, as I detailed you still have to get the client 
> (libmemcached)
>   to talk over TLS. For the server, no change.
>
>   For the client, you could prototype by having stunnel local to the 
> client
>   and connect through that. so you have stunnel talking to stunnel. If
>   that's not something you can deploy for clients, you can modify
>   libmemcached to use OpenSSL directly, which should be easier than
>   modifying the server.
>
>   On Mon, 7 May 2018, Om Kale wrote:
>
>   > The problem with libsasl2 was regarding license. Also, I am unsure if 
> libsasl2 will give me an ability to perform some sort of certificate
>   based
>   > authentication.One more question I had was, would the use of stunnel 
> need any code change with memached codebase?
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Mon, May 7, 2018 at 12:40 PM, dormando  wrote:
>   >       Hey,
>   >
>   >       Just to be clear: I'm completely positive you can make this 
> work with just
>   >       the libsasl2 that comes with openwrt, you don't need to rebuild 
> it. the
>   >       problem is you can't use sasl over an untrusted network: SASL 
> is supposed
>   >       to be used underneath TLS or a trusted network.
>   >
>   >       Either way, try stunnel. that might just make your life easier 
> in both
>   >       directions, it's fairly simple.
>   >
>   >       On Mon, 7 May 2018, Om Kale wrote:
>   >
>   >       > Hi Dormando and Trond,I think I will first try Dormando's 
> suggestion of stunnel before delving into changing the memcached code
>   itself. I
>   >       haven't read
>   >       > much about stunnel, so will need to look into it in some 
> detail.
>   >       > Again, thanks a lot for the support. It would have been very 
> good if I could have used sasl (using libsasl2) directly but because
>   of the
>   >       GPLV3 license
>   >       > requirements that is a problem.
>   >       > I will keep you updated with my progress.
>   >       >
>   >       >
>   >       > Thanks and Regards,Om Kale
>   >       >
>   >       > On Sat, May 5, 2018 at 4:53 PM, dormando  
> wrote:
>   >       >       > On Fri, May 4, 2018 at 10:46 PM dormando 
>  wrote:
>   >       >       >
>   >       >       >       The closest would be SCRAM-SHA-256/512 
> mechanism, but the RFC for that states "in combination with TLS" up front, and
>   I'd be
>   >       wary of
>   >       >       using it
>   >       >       >       over the internet as well.
>   >       >       >
>   >       >       >
>   >       >       > If we ignore TLS for a second and just look at SCRAM 
> it is fairly easy to implement a minimalistic support for those
>   mechanisms
>   >       within
>   >       >       SASL. There is
>   >       >       > however one huge problem by using them in memcached 
> without doing major refactoring in the SASL support in memcached. By
>   design
>   >       SCRAM use a
>   >       >       hashing
>   >       >       > function with an iteration count, which should be set 
> high enough to burn enough CPU on both the client and the server to
>   make
>   >       brute force
>   >       >       attacks
>   >       >       > "impossible" (the RFC states that for SCRAM-SHA1 it 
> should be _at least 4096_). Given that the memcached runs the SASL
>   operations
>   >       in the
>   >       >       _front end
>   >       >       > threads_, it would block all the clients bound to 
> that thread every time someone tries to authenticate. If there is clients
>   >       connecting all
>   >       >       the time one
>   >       >       > could end up with all worker threads running PBKDF2 
> hashing and all other operations timing out ;)
>   >       >       >
>   >       >       > In order to add support for SCRAM you 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Okcouple of follow up questions on the same:
1. Inorder to enable/set up stunnel on memcached server, I need to create
certificates using openssl. How do I execute the openssl certificate
generation on memcached server? Also, after this how could I distribute
this to client?
2. Additionally, when you say 'you can modify libmemcached to use OpenSSL
directly', you mean setting up the socket connections in client to support
SSL/TLS, corect?


Thanks and Regards,
Om Kale


On Mon, May 7, 2018 at 1:11 PM, dormando  wrote:

> hmm. I guess so...
>
> re: stunnel, as I detailed you still have to get the client (libmemcached)
> to talk over TLS. For the server, no change.
>
> For the client, you could prototype by having stunnel local to the client
> and connect through that. so you have stunnel talking to stunnel. If
> that's not something you can deploy for clients, you can modify
> libmemcached to use OpenSSL directly, which should be easier than
> modifying the server.
>
> On Mon, 7 May 2018, Om Kale wrote:
>
> > The problem with libsasl2 was regarding license. Also, I am unsure if
> libsasl2 will give me an ability to perform some sort of certificate based
> > authentication.One more question I had was, would the use of stunnel
> need any code change with memached codebase?
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Mon, May 7, 2018 at 12:40 PM, dormando  wrote:
> >   Hey,
> >
> >   Just to be clear: I'm completely positive you can make this work
> with just
> >   the libsasl2 that comes with openwrt, you don't need to rebuild
> it. the
> >   problem is you can't use sasl over an untrusted network: SASL is
> supposed
> >   to be used underneath TLS or a trusted network.
> >
> >   Either way, try stunnel. that might just make your life easier in
> both
> >   directions, it's fairly simple.
> >
> >   On Mon, 7 May 2018, Om Kale wrote:
> >
> >   > Hi Dormando and Trond,I think I will first try Dormando's
> suggestion of stunnel before delving into changing the memcached code
> itself. I
> >   haven't read
> >   > much about stunnel, so will need to look into it in some detail.
> >   > Again, thanks a lot for the support. It would have been very
> good if I could have used sasl (using libsasl2) directly but because of the
> >   GPLV3 license
> >   > requirements that is a problem.
> >   > I will keep you updated with my progress.
> >   >
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   > On Sat, May 5, 2018 at 4:53 PM, dormando 
> wrote:
> >   >   > On Fri, May 4, 2018 at 10:46 PM dormando <
> dorma...@rydia.net> wrote:
> >   >   >
> >   >   >   The closest would be SCRAM-SHA-256/512 mechanism,
> but the RFC for that states "in combination with TLS" up front, and I'd be
> >   wary of
> >   >   using it
> >   >   >   over the internet as well.
> >   >   >
> >   >   >
> >   >   > If we ignore TLS for a second and just look at SCRAM it
> is fairly easy to implement a minimalistic support for those mechanisms
> >   within
> >   >   SASL. There is
> >   >   > however one huge problem by using them in memcached
> without doing major refactoring in the SASL support in memcached. By design
> >   SCRAM use a
> >   >   hashing
> >   >   > function with an iteration count, which should be set
> high enough to burn enough CPU on both the client and the server to make
> >   brute force
> >   >   attacks
> >   >   > "impossible" (the RFC states that for SCRAM-SHA1 it
> should be _at least 4096_). Given that the memcached runs the SASL
> operations
> >   in the
> >   >   _front end
> >   >   > threads_, it would block all the clients bound to that
> thread every time someone tries to authenticate. If there is clients
> >   connecting all
> >   >   the time one
> >   >   > could end up with all worker threads running PBKDF2
> hashing and all other operations timing out ;)
> >   >   >
> >   >   > In order to add support for SCRAM you would have to move
> the hashing over to a separate thread, and there is not an infrastructure
> >   for such
> >   >   thing in the
> >   >   > current memcached implementation so it would be a lot of
> work ;)
> >   >   >
> >   >
> >   >   There are actually mechanisms for passing connections to
> other threads in
> >   >   the code now :) It's used in a few places. It's not
> incredibly fast but
> >   >   connection rates typically aren't high enough to bother
> it. You'd still
> >   >   burn out your CPU though...
> >   >
> >   >   but, it's moot. if you don't trust your network you can't
> just use SASL.
> >   >   :/
> >   >
> >   >   > Dormandos suggestion 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

hmm. I guess so...

re: stunnel, as I detailed you still have to get the client (libmemcached)
to talk over TLS. For the server, no change.

For the client, you could prototype by having stunnel local to the client
and connect through that. so you have stunnel talking to stunnel. If
that's not something you can deploy for clients, you can modify
libmemcached to use OpenSSL directly, which should be easier than
modifying the server.

On Mon, 7 May 2018, Om Kale wrote:

> The problem with libsasl2 was regarding license. Also, I am unsure if 
> libsasl2 will give me an ability to perform some sort of certificate based
> authentication.One more question I had was, would the use of stunnel need any 
> code change with memached codebase?
>
> Thanks and Regards,Om Kale
>
>
> On Mon, May 7, 2018 at 12:40 PM, dormando  wrote:
>   Hey,
>
>   Just to be clear: I'm completely positive you can make this work with 
> just
>   the libsasl2 that comes with openwrt, you don't need to rebuild it. the
>   problem is you can't use sasl over an untrusted network: SASL is 
> supposed
>   to be used underneath TLS or a trusted network.
>
>   Either way, try stunnel. that might just make your life easier in both
>   directions, it's fairly simple.
>
>   On Mon, 7 May 2018, Om Kale wrote:
>
>   > Hi Dormando and Trond,I think I will first try Dormando's suggestion 
> of stunnel before delving into changing the memcached code itself. I
>   haven't read
>   > much about stunnel, so will need to look into it in some detail.
>   > Again, thanks a lot for the support. It would have been very good if 
> I could have used sasl (using libsasl2) directly but because of the
>   GPLV3 license
>   > requirements that is a problem.
>   > I will keep you updated with my progress.
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   > On Sat, May 5, 2018 at 4:53 PM, dormando  wrote:
>   >       > On Fri, May 4, 2018 at 10:46 PM dormando  
> wrote:
>   >       >
>   >       >       The closest would be SCRAM-SHA-256/512 mechanism, but 
> the RFC for that states "in combination with TLS" up front, and I'd be
>   wary of
>   >       using it
>   >       >       over the internet as well.
>   >       >
>   >       >
>   >       > If we ignore TLS for a second and just look at SCRAM it is 
> fairly easy to implement a minimalistic support for those mechanisms
>   within
>   >       SASL. There is
>   >       > however one huge problem by using them in memcached without 
> doing major refactoring in the SASL support in memcached. By design
>   SCRAM use a
>   >       hashing
>   >       > function with an iteration count, which should be set high 
> enough to burn enough CPU on both the client and the server to make
>   brute force
>   >       attacks
>   >       > "impossible" (the RFC states that for SCRAM-SHA1 it should be 
> _at least 4096_). Given that the memcached runs the SASL operations
>   in the
>   >       _front end
>   >       > threads_, it would block all the clients bound to that thread 
> every time someone tries to authenticate. If there is clients
>   connecting all
>   >       the time one
>   >       > could end up with all worker threads running PBKDF2 hashing 
> and all other operations timing out ;)
>   >       >
>   >       > In order to add support for SCRAM you would have to move the 
> hashing over to a separate thread, and there is not an infrastructure
>   for such
>   >       thing in the
>   >       > current memcached implementation so it would be a lot of work 
> ;)
>   >       >
>   >
>   >       There are actually mechanisms for passing connections to other 
> threads in
>   >       the code now :) It's used in a few places. It's not incredibly 
> fast but
>   >       connection rates typically aren't high enough to bother it. 
> You'd still
>   >       burn out your CPU though...
>   >
>   >       but, it's moot. if you don't trust your network you can't just 
> use SASL.
>   >       :/
>   >
>   >       > Dormandos suggestion with stunnel (or ipsec) sounds like the 
> least amount of work, but if you _really_ don't want that (or you for
>   some
>   >       reason really
>   >       > want to implement something yourself) you could look into 
> changing memcached to use libevents bufferevents instead of the "basic"
>   form it
>   >       use today, and
>   >       > then add support for using the SSL level on top of 
> bufferevents. I haven't tested this so I have no idea of the overhead of this
>   and how it
>   >       would affect
>   >       > the overall performance. Unless all your clients want to use 
> SSL you probably want a dedicated port and thread pool serving these

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

The problem with libsasl2 was regarding license. Also, I am unsure if
libsasl2 will give me an ability to perform some sort of certificate based
authentication.
One more question I had was, would the use of stunnel need any code change
with memached codebase?

Thanks and Regards,
Om Kale


On Mon, May 7, 2018 at 12:40 PM, dormando  wrote:

> Hey,
>
> Just to be clear: I'm completely positive you can make this work with just
> the libsasl2 that comes with openwrt, you don't need to rebuild it. the
> problem is you can't use sasl over an untrusted network: SASL is supposed
> to be used underneath TLS or a trusted network.
>
> Either way, try stunnel. that might just make your life easier in both
> directions, it's fairly simple.
>
> On Mon, 7 May 2018, Om Kale wrote:
>
> > Hi Dormando and Trond,I think I will first try Dormando's suggestion of
> stunnel before delving into changing the memcached code itself. I haven't
> read
> > much about stunnel, so will need to look into it in some detail.
> > Again, thanks a lot for the support. It would have been very good if I
> could have used sasl (using libsasl2) directly but because of the GPLV3
> license
> > requirements that is a problem.
> > I will keep you updated with my progress.
> >
> >
> > Thanks and Regards,Om Kale
> >
> > On Sat, May 5, 2018 at 4:53 PM, dormando  wrote:
> >   > On Fri, May 4, 2018 at 10:46 PM dormando 
> wrote:
> >   >
> >   >   The closest would be SCRAM-SHA-256/512 mechanism, but the
> RFC for that states "in combination with TLS" up front, and I'd be wary of
> >   using it
> >   >   over the internet as well.
> >   >
> >   >
> >   > If we ignore TLS for a second and just look at SCRAM it is
> fairly easy to implement a minimalistic support for those mechanisms within
> >   SASL. There is
> >   > however one huge problem by using them in memcached without
> doing major refactoring in the SASL support in memcached. By design SCRAM
> use a
> >   hashing
> >   > function with an iteration count, which should be set high
> enough to burn enough CPU on both the client and the server to make brute
> force
> >   attacks
> >   > "impossible" (the RFC states that for SCRAM-SHA1 it should be
> _at least 4096_). Given that the memcached runs the SASL operations in the
> >   _front end
> >   > threads_, it would block all the clients bound to that thread
> every time someone tries to authenticate. If there is clients connecting all
> >   the time one
> >   > could end up with all worker threads running PBKDF2 hashing and
> all other operations timing out ;)
> >   >
> >   > In order to add support for SCRAM you would have to move the
> hashing over to a separate thread, and there is not an infrastructure for
> such
> >   thing in the
> >   > current memcached implementation so it would be a lot of work ;)
> >   >
> >
> >   There are actually mechanisms for passing connections to other
> threads in
> >   the code now :) It's used in a few places. It's not incredibly
> fast but
> >   connection rates typically aren't high enough to bother it. You'd
> still
> >   burn out your CPU though...
> >
> >   but, it's moot. if you don't trust your network you can't just use
> SASL.
> >   :/
> >
> >   > Dormandos suggestion with stunnel (or ipsec) sounds like the
> least amount of work, but if you _really_ don't want that (or you for some
> >   reason really
> >   > want to implement something yourself) you could look into
> changing memcached to use libevents bufferevents instead of the "basic"
> form it
> >   use today, and
> >   > then add support for using the SSL level on top of bufferevents.
> I haven't tested this so I have no idea of the overhead of this and how it
> >   would affect
> >   > the overall performance. Unless all your clients want to use SSL
> you probably want a dedicated port and thread pool serving these
> >   connections. It all
> >   > depends on the performance requirements you've got...
> >
> >   I'm more concerned about the poor person ending up stuck with a
> fork after
> >   weeks of work.. it's not exactly a straightforward change. I do
> intend to
> >   add TLS support this year. Would help if someone sponsored the
> work though
> >   :P
> >
> >   --
> >
> >   ---
> >   You received this message because you are subscribed to the Google
> Groups "memcached" group.
> >   To unsubscribe from this group and stop receiving emails from it,
> send an email to memcached+unsubscr...@googlegroups.com.
> >   For more options, visit https://groups.google.com/d/optout.
> >
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> Groups "memcached" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

Just to be clear: I'm completely positive you can make this work with just
the libsasl2 that comes with openwrt, you don't need to rebuild it. the
problem is you can't use sasl over an untrusted network: SASL is supposed
to be used underneath TLS or a trusted network.

Either way, try stunnel. that might just make your life easier in both
directions, it's fairly simple.

On Mon, 7 May 2018, Om Kale wrote:

> Hi Dormando and Trond,I think I will first try Dormando's suggestion of 
> stunnel before delving into changing the memcached code itself. I haven't read
> much about stunnel, so will need to look into it in some detail.
> Again, thanks a lot for the support. It would have been very good if I could 
> have used sasl (using libsasl2) directly but because of the GPLV3 license
> requirements that is a problem.
> I will keep you updated with my progress.
>
>
> Thanks and Regards,Om Kale
>
> On Sat, May 5, 2018 at 4:53 PM, dormando  wrote:
>   > On Fri, May 4, 2018 at 10:46 PM dormando  wrote:
>   >
>   >       The closest would be SCRAM-SHA-256/512 mechanism, but the RFC 
> for that states "in combination with TLS" up front, and I'd be wary of
>   using it
>   >       over the internet as well.
>   >
>   >
>   > If we ignore TLS for a second and just look at SCRAM it is fairly 
> easy to implement a minimalistic support for those mechanisms within
>   SASL. There is
>   > however one huge problem by using them in memcached without doing 
> major refactoring in the SASL support in memcached. By design SCRAM use a
>   hashing
>   > function with an iteration count, which should be set high enough to 
> burn enough CPU on both the client and the server to make brute force
>   attacks
>   > "impossible" (the RFC states that for SCRAM-SHA1 it should be _at 
> least 4096_). Given that the memcached runs the SASL operations in the
>   _front end
>   > threads_, it would block all the clients bound to that thread every 
> time someone tries to authenticate. If there is clients connecting all
>   the time one
>   > could end up with all worker threads running PBKDF2 hashing and all 
> other operations timing out ;)
>   >
>   > In order to add support for SCRAM you would have to move the hashing 
> over to a separate thread, and there is not an infrastructure for such
>   thing in the
>   > current memcached implementation so it would be a lot of work ;)
>   >
>
>   There are actually mechanisms for passing connections to other threads 
> in
>   the code now :) It's used in a few places. It's not incredibly fast but
>   connection rates typically aren't high enough to bother it. You'd still
>   burn out your CPU though...
>
>   but, it's moot. if you don't trust your network you can't just use SASL.
>   :/
>
>   > Dormandos suggestion with stunnel (or ipsec) sounds like the least 
> amount of work, but if you _really_ don't want that (or you for some
>   reason really
>   > want to implement something yourself) you could look into changing 
> memcached to use libevents bufferevents instead of the "basic" form it
>   use today, and
>   > then add support for using the SSL level on top of bufferevents. I 
> haven't tested this so I have no idea of the overhead of this and how it
>   would affect
>   > the overall performance. Unless all your clients want to use SSL you 
> probably want a dedicated port and thread pool serving these
>   connections. It all
>   > depends on the performance requirements you've got... 
>
>   I'm more concerned about the poor person ending up stuck with a fork 
> after
>   weeks of work.. it's not exactly a straightforward change. I do intend 
> to
>   add TLS support this year. Would help if someone sponsored the work 
> though
>   :P
>
>   --
>
>   ---
>   You received this message because you are subscribed to the Google 
> Groups "memcached" group.
>   To unsubscribe from this group and stop receiving emails from it, send 
> an email to memcached+unsubscr...@googlegroups.com.
>   For more options, visit https://groups.google.com/d/optout.
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "memcached" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to memcached+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando and Trond,
I think I will first try Dormando's suggestion of stunnel before delving
into changing the memcached code itself. I haven't read much about stunnel,
so will need to look into it in some detail.
Again, thanks a lot for the support. It would have been very good if I
could have used sasl (using libsasl2) directly but because of the GPLV3
license requirements that is a problem.
I will keep you updated with my progress.


Thanks and Regards,
Om Kale

On Sat, May 5, 2018 at 4:53 PM, dormando  wrote:

> > On Fri, May 4, 2018 at 10:46 PM dormando  wrote:
> >
> >   The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for
> that states "in combination with TLS" up front, and I'd be wary of using it
> >   over the internet as well.
> >
> >
> > If we ignore TLS for a second and just look at SCRAM it is fairly easy
> to implement a minimalistic support for those mechanisms within SASL. There
> is
> > however one huge problem by using them in memcached without doing major
> refactoring in the SASL support in memcached. By design SCRAM use a hashing
> > function with an iteration count, which should be set high enough to
> burn enough CPU on both the client and the server to make brute force
> attacks
> > "impossible" (the RFC states that for SCRAM-SHA1 it should be _at least
> 4096_). Given that the memcached runs the SASL operations in the _front end
> > threads_, it would block all the clients bound to that thread every time
> someone tries to authenticate. If there is clients connecting all the time
> one
> > could end up with all worker threads running PBKDF2 hashing and all
> other operations timing out ;)
> >
> > In order to add support for SCRAM you would have to move the hashing
> over to a separate thread, and there is not an infrastructure for such
> thing in the
> > current memcached implementation so it would be a lot of work ;)
> >
>
> There are actually mechanisms for passing connections to other threads in
> the code now :) It's used in a few places. It's not incredibly fast but
> connection rates typically aren't high enough to bother it. You'd still
> burn out your CPU though...
>
> but, it's moot. if you don't trust your network you can't just use SASL.
> :/
>
> > Dormandos suggestion with stunnel (or ipsec) sounds like the least
> amount of work, but if you _really_ don't want that (or you for some reason
> really
> > want to implement something yourself) you could look into changing
> memcached to use libevents bufferevents instead of the "basic" form it use
> today, and
> > then add support for using the SSL level on top of bufferevents. I
> haven't tested this so I have no idea of the overhead of this and how it
> would affect
> > the overall performance. Unless all your clients want to use SSL you
> probably want a dedicated port and thread pool serving these connections.
> It all
> > depends on the performance requirements you've got...
>
> I'm more concerned about the poor person ending up stuck with a fork after
> weeks of work.. it's not exactly a straightforward change. I do intend to
> add TLS support this year. Would help if someone sponsored the work though
> :P
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "memcached" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to memcached+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

> On Fri, May 4, 2018 at 10:46 PM dormando  wrote:
>
>   The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that 
> states "in combination with TLS" up front, and I'd be wary of using it
>   over the internet as well.
>
>
> If we ignore TLS for a second and just look at SCRAM it is fairly easy to 
> implement a minimalistic support for those mechanisms within SASL. There is
> however one huge problem by using them in memcached without doing major 
> refactoring in the SASL support in memcached. By design SCRAM use a hashing
> function with an iteration count, which should be set high enough to burn 
> enough CPU on both the client and the server to make brute force attacks
> "impossible" (the RFC states that for SCRAM-SHA1 it should be _at least 
> 4096_). Given that the memcached runs the SASL operations in the _front end
> threads_, it would block all the clients bound to that thread every time 
> someone tries to authenticate. If there is clients connecting all the time one
> could end up with all worker threads running PBKDF2 hashing and all other 
> operations timing out ;)
>
> In order to add support for SCRAM you would have to move the hashing over to 
> a separate thread, and there is not an infrastructure for such thing in the
> current memcached implementation so it would be a lot of work ;)
>

There are actually mechanisms for passing connections to other threads in
the code now :) It's used in a few places. It's not incredibly fast but
connection rates typically aren't high enough to bother it. You'd still
burn out your CPU though...

but, it's moot. if you don't trust your network you can't just use SASL.
:/

> Dormandos suggestion with stunnel (or ipsec) sounds like the least amount of 
> work, but if you _really_ don't want that (or you for some reason really
> want to implement something yourself) you could look into changing memcached 
> to use libevents bufferevents instead of the "basic" form it use today, and
> then add support for using the SSL level on top of bufferevents. I haven't 
> tested this so I have no idea of the overhead of this and how it would affect
> the overall performance. Unless all your clients want to use SSL you probably 
> want a dedicated port and thread pool serving these connections. It all
> depends on the performance requirements you've got... 

I'm more concerned about the poor person ending up stuck with a fork after
weeks of work.. it's not exactly a straightforward change. I do intend to
add TLS support this year. Would help if someone sponsored the work though
:P

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Trond Norbye]

On Fri, May 4, 2018 at 10:46 PM dormando  wrote:

>
> The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that
> states "in combination with TLS" up front, and I'd be wary of using it
> over the internet as well.
>

If we ignore TLS for a second and just look at SCRAM it is fairly easy to
implement a minimalistic support for those mechanisms within SASL. There is
however one huge problem by using them in memcached without doing major
refactoring in the SASL support in memcached. By design SCRAM use a hashing
function with an iteration count, which should be set high enough to burn
enough CPU on both the client and the server to make brute force attacks
"impossible" (the RFC states that for SCRAM-SHA1 it should be _at least
4096_). Given that the memcached runs the SASL operations in the _front end
threads_, it would block all the clients bound to that thread every time
someone tries to authenticate. If there is clients connecting all the time
one could end up with all worker threads running PBKDF2 hashing and all
other operations timing out ;)

In order to add support for SCRAM you would have to move the hashing over
to a separate thread, and there is not an infrastructure for such thing in
the current memcached implementation so it would be a lot of work ;)

Dormandos suggestion with stunnel (or ipsec) sounds like the least amount
of work, but if you _really_ don't want that (or you for some reason really
want to implement something yourself) you could look into changing
memcached to use libevents bufferevents instead of the "basic" form it use
today, and then add support for using the SSL level on top of bufferevents.
I haven't tested this so I have no idea of the overhead of this and how it
would affect the overall performance. Unless all your clients want to use
SSL you probably want a dedicated port and thread pool serving these
connections. It all depends on the performance requirements you've got...

Trond

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Actually I take this back... SASL is not usable over the internet in any
form. It didn't click in my head that you were going over the internet for
some reason.

The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that
states "in combination with TLS" up front, and I'd be wary of using it
over the internet as well.

Have you considered just dropping stunnel in front of things? It trivially
supports using a database for client certificate authentication, then you
could just disable SASL or keep it on PLAIN which would be alright given
the situation.

This'll depend on the client a bit. You didn't describe what the clients
are which are connecting to these servers running on openwrt? Please fill
us in at least.

You have two options:

1) Start an stunnel locally and have the client connect through that to
the remote server. This is easiest/best if you can do it.

2) Use stunnel to authenticate clients and unwrap TLS on the server, and
add trivial support for blocking SSL to libmemcached. This could possibly
be simpler (or at least half the work) than your original plan. Getting
this all going in the server is pretty painful, but on the client end you
only have to deal with a single certificate and you can block while
connecting/running commands.

On Fri, 4 May 2018, dormando wrote:

> Hey,
>
> On Fri, 4 May 2018, Om Kale wrote:
>
> > Hey Dormando and Trond,Thanks a lot for all of your inputs. 
> > Let me give you guys a quick summary of what I am planning to do and the 
> > issues I am facing:
> > I need memcached server with encryption and authentication support on 
> > wireless devices. (Encyption, there is a way using set encoding key with
> > libmemcached, I need to write a decoding key function. (this looks 
> > feasible)) 
> > Basically, when a libmemcached client connects, the memcached server only 
> > allows the authenticated users/clients and then once this is done, the
> > communication is encrypted)
> > Hence I needed a openwrt package for SASL that can directly be downloaded 
> > from the website and used without modification - therefore the decision to 
> > use
> > Cyrus-SASL)
> > Here are the problems:
> > 1. Cyrus-SASL
> > Cyrus-SASL (version 2.1.27-rc7) has two files with GPLv3 license, hence I 
> > cannot use it. Also, the openwrt Cyrus-SASL has only the libsasl2 library, 
> > not
> > some of the other libraries mentioned that are needed for SASL support as 
> > per the Couchbase link.
> > https://blog.couchbase.com/sasl-memcached-now-available/) 
>
> Have you tried to just use libsasl2 and run it? I'm pretty sure the daemon
> doesn't need more than that after it's been compiled. The other libraries
> linked in the blog are the saslpasswd/etc stuff that you don't need.
>
> Just installed libsasl2 on my openwrt/lede router and it has digest/cram
> modules:
> # opkg files libsasl2
> Package libsasl2 (2.1.26-3) is installed on root and has the following
> files:
> /usr/lib/sasl2/libdigestmd5.so.3
> /usr/lib/libsasl2.so.3.0.0
> /usr/lib/libsasl2.so.3
> /usr/lib/sasl2/libscram.so
> /usr/lib/sasl2/libdigestmd5.so
> /usr/lib/sasl2/libplain.so.3
> /usr/lib/sasl2/libanonymous.so.3.0.0
> /usr/lib/sasl2/libscram.so.3.0.0
> /usr/lib/sasl2/libdigestmd5.so.3.0.0
> /usr/lib/sasl2/libanonymous.so.3
> /usr/lib/sasl2/libanonymous.so
> /usr/lib/libsasl2.so
> /usr/lib/sasl2/libplain.so.3.0.0
> /usr/lib/sasl2/libplain.so
> /usr/lib/sasl2/libcrammd5.so.3.0.0
> /usr/lib/sasl2/libcrammd5.so.3
> /usr/lib/sasl2/libcrammd5.so
> /usr/lib/sasl2/libscram.so.3
>
> So if you build the passwd db and ship it over, or use the spec to write a
> small tool to generate the file properly, that seems like your least
> effort route.
>
> > FYI, I see the client here apparently appends the @localhostname with the 
> > username. So this same format needs to be stored in the passwd file.
>
> I'd recommend code diving to understand this.
>
> > 2. I cannot use 'PLAIN' as I would see the username/passwords on packet 
> > sniffs (wireshark or any other tool) Additionally, if the password file is
> > accessed it would be a problem.
>
> ok
>
> > 3. I also see lot of blogs involving DDOS on memcached with UDP mode. (I am 
> > not sure if there is any future release where this is going to be planned)
>
> not relevant? Just disable UDP mode. it's not necessary and off by default
> in latest versions.
>
> > 4. One of the options that I could do is change the memcached/libmemcached 
> > code itself to turn the sockets into SSL/TLS sockets. This would add some
> > overheard and few extra message exchanges but could be a viable solution. 
> > Also, would need some help from the memcached community for this.
>
> This is much, much harder than you'd expect and I'm only assuming you
> think it's easier than doing what Trond suggested because you expect there
> to be one place in the code where "connections" are handled. It's a fairly
> large change that would end up touching much of the codebase.
>
> By comparison, just using libsasl2 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

On Fri, 4 May 2018, Om Kale wrote:

> Hey Dormando and Trond,Thanks a lot for all of your inputs. 
> Let me give you guys a quick summary of what I am planning to do and the 
> issues I am facing:
> I need memcached server with encryption and authentication support on 
> wireless devices. (Encyption, there is a way using set encoding key with
> libmemcached, I need to write a decoding key function. (this looks feasible)) 
> Basically, when a libmemcached client connects, the memcached server only 
> allows the authenticated users/clients and then once this is done, the
> communication is encrypted)
> Hence I needed a openwrt package for SASL that can directly be downloaded 
> from the website and used without modification - therefore the decision to use
> Cyrus-SASL)
> Here are the problems:
> 1. Cyrus-SASL
> Cyrus-SASL (version 2.1.27-rc7) has two files with GPLv3 license, hence I 
> cannot use it. Also, the openwrt Cyrus-SASL has only the libsasl2 library, not
> some of the other libraries mentioned that are needed for SASL support as per 
> the Couchbase link.
> https://blog.couchbase.com/sasl-memcached-now-available/) 

Have you tried to just use libsasl2 and run it? I'm pretty sure the daemon
doesn't need more than that after it's been compiled. The other libraries
linked in the blog are the saslpasswd/etc stuff that you don't need.

Just installed libsasl2 on my openwrt/lede router and it has digest/cram
modules:
# opkg files libsasl2
Package libsasl2 (2.1.26-3) is installed on root and has the following
files:
/usr/lib/sasl2/libdigestmd5.so.3
/usr/lib/libsasl2.so.3.0.0
/usr/lib/libsasl2.so.3
/usr/lib/sasl2/libscram.so
/usr/lib/sasl2/libdigestmd5.so
/usr/lib/sasl2/libplain.so.3
/usr/lib/sasl2/libanonymous.so.3.0.0
/usr/lib/sasl2/libscram.so.3.0.0
/usr/lib/sasl2/libdigestmd5.so.3.0.0
/usr/lib/sasl2/libanonymous.so.3
/usr/lib/sasl2/libanonymous.so
/usr/lib/libsasl2.so
/usr/lib/sasl2/libplain.so.3.0.0
/usr/lib/sasl2/libplain.so
/usr/lib/sasl2/libcrammd5.so.3.0.0
/usr/lib/sasl2/libcrammd5.so.3
/usr/lib/sasl2/libcrammd5.so
/usr/lib/sasl2/libscram.so.3

So if you build the passwd db and ship it over, or use the spec to write a
small tool to generate the file properly, that seems like your least
effort route.

> FYI, I see the client here apparently appends the @localhostname with the 
> username. So this same format needs to be stored in the passwd file.

I'd recommend code diving to understand this.

> 2. I cannot use 'PLAIN' as I would see the username/passwords on packet 
> sniffs (wireshark or any other tool) Additionally, if the password file is
> accessed it would be a problem.

ok

> 3. I also see lot of blogs involving DDOS on memcached with UDP mode. (I am 
> not sure if there is any future release where this is going to be planned)

not relevant? Just disable UDP mode. it's not necessary and off by default
in latest versions.

> 4. One of the options that I could do is change the memcached/libmemcached 
> code itself to turn the sockets into SSL/TLS sockets. This would add some
> overheard and few extra message exchanges but could be a viable solution. 
> Also, would need some help from the memcached community for this.

This is much, much harder than you'd expect and I'm only assuming you
think it's easier than doing what Trond suggested because you expect there
to be one place in the code where "connections" are handled. It's a fairly
large change that would end up touching much of the codebase.

By comparison, just using libsasl2 from openwrt (please tell us why you
can't, specifically?) and writing a tool to generate the digest file looks
good. I haven't look at the cyrus-sasl API's though.

Failing that, doing what trond suggested is probably fairly fast since the
code is isolated behind a few specific calls.

>
>
>
>
>
> Thanks and Regards,Om Kale
>
>
> On Thu, May 3, 2018 at 11:04 PM, Trond Norbye  wrote:
>   If all you need is SASL authentication with DIGEST-MD5 and PLAIN 
> mechanisms you should be able to implement the few methods used by memcached
>   relatively quickly after you read the SASL spec (and get around any 
> licensing issues).
> During startup memcached calls sasl_server_init where it sets up an array of 
> callback functions the SASL implementation may call to get more
> information. In this function you may read your entire password database into 
> memory to avoid file IO at a later time.
>
> When a client connects memcached calls sasl_server_new, where it creates and 
> initializes a handle to your library (which is later released by
> memcached calling sasl_dispose with the same pointer. After memcached called 
> sasl_dispose it won't use that handle.
>
> A client needs to know which mechanisms the server supports, and in order to 
> do that it calls sasl_list_mech which builds up a textual string like:
> "DIGEST-MD5 PLAIN" (or whatever mechanisms you choose to implement).
>
> Then there is two more functions you need to 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Trond Norbye]

If all you need is SASL authentication with DIGEST-MD5 and PLAIN mechanisms
you should be able to implement the few methods used by memcached
relatively quickly after you read the SASL spec (and get around any
licensing issues).

During startup memcached calls sasl_server_init where it sets up an array
of callback functions the SASL implementation may call to get more
information. In this function you may read your entire password database
into memory to avoid file IO at a later time.

When a client connects memcached calls sasl_server_new, where it creates
and initializes a handle to your library (which is later released by
memcached calling sasl_dispose with the same pointer. After memcached
called sasl_dispose it won't use that handle.

A client needs to know which mechanisms the server supports, and in order
to do that it calls sasl_list_mech which builds up a textual string like:
"DIGEST-MD5 PLAIN" (or whatever mechanisms you choose to implement).

Then there is two more functions you need to implement: sasl_server_start
and sasl_server_stop. The first one takes the mechanism the client wants to
use  (for instance PLAIN) and the challenge the client generated (for PAIN
this looks like \0username\0password\0 if my memory serves me right). For
plain authentication we don't need to involve the client more in order to
complete the password check so you can verify the username and password and
return the appropriate error code. For other mechanisms you may need more
information from the client, so you would return SASL_CONTINUE and return
the data you want to send to the client in the two last parameters which is
sent to the client. The client consumes those bytes and generate a new
challenge for you and memcached ends up calling sasl_server_step processing
those bytes and completes the authentication (or generate yet another
challenge to send back to the client).

To sum this up all you need to implement to have your own minimalistic SASL
implementation is:

sasl_server_init (called once during startup)
sasl_server_new (called once for every connection if the client tries to
use SASL)
sasl_list_mech (called every time the client
sends PROTOCOL_BINARY_CMD_SASL_LIST_MECHS)
sasl_server_start (called when the client sends
PROTOCOL_BINARY_CMD_SASL_AUTH)
sasl_server_step (called when the server
sends PROTOCOL_BINARY_CMD_SASL_STEP)
sasl_dispose (called as part of connection shutdown if SASL was used)

Cheers

Trond


On Fri, May 4, 2018 at 6:34 AM dormando  wrote:

> You need the server to be on any OS? I thought it was a router thing you
> were embedding.
>
> What exactly are you doing, if you can share?
>
> On Wed, 2 May 2018, Om Kale wrote:
>
> > Hey Dormando,Yes you are right. I agree with you. I have gotten
> everything working with Ubuntu since Day 1 using the libsasl2,sasl2-bin and
> the other
> > installs mentioned. However, the problem is I need it working on all
> OS's. Also, I cannot use Cyrus-SASL (that has only libsasl2 bundled) in my
> project
> > now as some of the files in its latest 2.1.27-rc7 version have a GPLv3
> license requirement. That's the reason I have thought of the change. Bit of
> a dire
> > straits situation here.
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Wed, May 2, 2018 at 7:25 PM, dormando  wrote:
> >   Hey,
> >
> >   Please interpret this with kindness: if you're struggling getting
> sasl to
> >   work, getting asynchronous TLS to work, be performant enough, and
> not
> >   buggy, while also forking the project, is going to be a very very
> bad idea
> >   for you.
> >
> >   If you're willing to put the effort into figuring out TLS into
> memcached,
> >   you're better off reading the cyrus source code to figure out how
> password
> >   databases work. Read the SASL protocol spec (it's not too bad).
> >
> >   I see you spending a huge amount of time trying to work around the
> bugs
> >   you encounter; instead of going around, go through them. Get the
> password
> >   file to work the way you want it to.
> >
> >   On Wed, 2 May 2018, Om Kale wrote:
> >
> >   > Hi Dormando,Thanks for your reply. Yes, that works. Also, one
> more thing that I was
> >   > curious to know or rather want to add to memcached.
> >   > Is there anyway I can go ahead and modify memcached itself to
> support SSL/TLS (using
> >   > certificates) without using this third-party cyrus
> plugin/libsasl2?
> >   > If yes, where the memcached code need to be added for this.
> Basically, I want to know
> >   > where exactly in the memcached code does the client connect to
> server and do the SASL
> >   > protocol negotiation/exchanges)
> >   > I was thinking of adding a way in which memcached would be able
> to support
> >   > authentication depending on whatever ssl library the user wants
> to use. (not restrict it
> >   > to cyrus-sasl or libsasl2)
> >   >
> >   >
> 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

You need the server to be on any OS? I thought it was a router thing you
were embedding.

What exactly are you doing, if you can share?

On Wed, 2 May 2018, Om Kale wrote:

> Hey Dormando,Yes you are right. I agree with you. I have gotten everything 
> working with Ubuntu since Day 1 using the libsasl2,sasl2-bin and the other
> installs mentioned. However, the problem is I need it working on all OS's. 
> Also, I cannot use Cyrus-SASL (that has only libsasl2 bundled) in my project
> now as some of the files in its latest 2.1.27-rc7 version have a GPLv3 
> license requirement. That's the reason I have thought of the change. Bit of a 
> dire
> straits situation here.
>
>
> Thanks and Regards,Om Kale
>
>
> On Wed, May 2, 2018 at 7:25 PM, dormando  wrote:
>   Hey,
>
>   Please interpret this with kindness: if you're struggling getting sasl 
> to
>   work, getting asynchronous TLS to work, be performant enough, and not
>   buggy, while also forking the project, is going to be a very very bad 
> idea
>   for you.
>
>   If you're willing to put the effort into figuring out TLS into 
> memcached,
>   you're better off reading the cyrus source code to figure out how 
> password
>   databases work. Read the SASL protocol spec (it's not too bad).
>
>   I see you spending a huge amount of time trying to work around the bugs
>   you encounter; instead of going around, go through them. Get the 
> password
>   file to work the way you want it to.
>
>   On Wed, 2 May 2018, Om Kale wrote:
>
>   > Hi Dormando,Thanks for your reply. Yes, that works. Also, one more 
> thing that I was
>   > curious to know or rather want to add to memcached.
>   > Is there anyway I can go ahead and modify memcached itself to support 
> SSL/TLS (using
>   > certificates) without using this third-party cyrus plugin/libsasl2?
>   > If yes, where the memcached code need to be added for this. 
> Basically, I want to know
>   > where exactly in the memcached code does the client connect to server 
> and do the SASL
>   > protocol negotiation/exchanges)
>   > I was thinking of adding a way in which memcached would be able to 
> support
>   > authentication depending on whatever ssl library the user wants to 
> use. (not restrict it
>   > to cyrus-sasl or libsasl2)
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Mon, Apr 30, 2018 at 1:50 PM, dormando  wrote:
>   >       Hey,
>   >
>   >       The passwd needs to be created with saslpasswd for most of the 
> other auth
>   >       types to work, otherwise you'll have to do it manually and I 
> have no idea
>   >       how to do that. IE; the saslpasswd files I created when trying 
> to
>   >       reproduce your method worked fine with DIGEST-MD5 as well.
>   >
>   >       On Mon, 30 Apr 2018, Om Kale wrote:
>   >
>   >       > Hi All,I am trying to get my head around making memcached 
> work with SASL
>   >       support. The PLAIN auth is working but still running into 
> issues for
>   >       > DIGEST-MD5. 
>   >       > I have changed my memcached client side code to enable MD5 as 
> follows. I
>   >       have enabled the behavior to support MD5 and then passed the MD5
>   >       >
>   >       > /*
>   >       >  * Test that libmemcached is built with SASL support.
>   >       >  */
>   >       > #include 
>   >       > #include 
>   >       > #include 
>   >       > #include 
>   >       > #include 
>   >       >
>   >       > const char* key = "abc";
>   >       > const char* value = "value";
>   >       >
>   >       > // test basic get/set operation works.
>   >       > void test_getset(memcached_st* cache)
>   >       > {
>   >       >   char* r_value;
>   >       >   uint32_t flags = 0;
>   >       >   uint32_t r_flags = 0;
>   >       >   size_t val_length;
>   >       >   memcached_return_t rc;
>   >       >
>   >       >
>   >       >   rc = memcached_set(cache, key, strlen(key), value, 
> strlen(value),
>   >       (time_t)0, flags);
>   >       >   if (rc == MEMCACHED_TIMEOUT) {
>   >       >     fprintf(stderr, "Set timeout\n");
>   >       >     return;
>   >       >   } else if (rc != MEMCACHED_SUCCESS) {
>   >       >     fprintf(stderr, "Set failed: %s\n", 
> memcached_strerror(cache, rc));
>   >       >     return;
>   >       >   }
>   >       >
>   >       >   r_value = memcached_get(cache, key, strlen(key), 
> _length, _flags,
>   >       );
>   >       >   if (rc == MEMCACHED_TIMEOUT) {
>   >       >     fprintf(stderr, "Get timeout\n");
>   >       >     return;
>   >       >   } else if (rc != MEMCACHED_SUCCESS) {
>   >       >     fprintf(stderr, "Get failed: %s\n", 
> 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

Please interpret this with kindness: if you're struggling getting sasl to
work, getting asynchronous TLS to work, be performant enough, and not
buggy, while also forking the project, is going to be a very very bad idea
for you.

If you're willing to put the effort into figuring out TLS into memcached,
you're better off reading the cyrus source code to figure out how password
databases work. Read the SASL protocol spec (it's not too bad).

I see you spending a huge amount of time trying to work around the bugs
you encounter; instead of going around, go through them. Get the password
file to work the way you want it to.

On Wed, 2 May 2018, Om Kale wrote:

> Hi Dormando,Thanks for your reply. Yes, that works. Also, one more thing that 
> I was
> curious to know or rather want to add to memcached.
> Is there anyway I can go ahead and modify memcached itself to support SSL/TLS 
> (using
> certificates) without using this third-party cyrus plugin/libsasl2?
> If yes, where the memcached code need to be added for this. Basically, I want 
> to know
> where exactly in the memcached code does the client connect to server and do 
> the SASL
> protocol negotiation/exchanges)
> I was thinking of adding a way in which memcached would be able to support
> authentication depending on whatever ssl library the user wants to use. (not 
> restrict it
> to cyrus-sasl or libsasl2)
>
>
> Thanks and Regards,Om Kale
>
>
> On Mon, Apr 30, 2018 at 1:50 PM, dormando  wrote:
>   Hey,
>
>   The passwd needs to be created with saslpasswd for most of the other 
> auth
>   types to work, otherwise you'll have to do it manually and I have no 
> idea
>   how to do that. IE; the saslpasswd files I created when trying to
>   reproduce your method worked fine with DIGEST-MD5 as well.
>
>   On Mon, 30 Apr 2018, Om Kale wrote:
>
>   > Hi All,I am trying to get my head around making memcached work with 
> SASL
>   support. The PLAIN auth is working but still running into issues for
>   > DIGEST-MD5. 
>   > I have changed my memcached client side code to enable MD5 as 
> follows. I
>   have enabled the behavior to support MD5 and then passed the MD5
>   >
>   > /*
>   >  * Test that libmemcached is built with SASL support.
>   >  */
>   > #include 
>   > #include 
>   > #include 
>   > #include 
>   > #include 
>   >
>   > const char* key = "abc";
>   > const char* value = "value";
>   >
>   > // test basic get/set operation works.
>   > void test_getset(memcached_st* cache)
>   > {
>   >   char* r_value;
>   >   uint32_t flags = 0;
>   >   uint32_t r_flags = 0;
>   >   size_t val_length;
>   >   memcached_return_t rc;
>   >
>   >
>   >   rc = memcached_set(cache, key, strlen(key), value, strlen(value),
>   (time_t)0, flags);
>   >   if (rc == MEMCACHED_TIMEOUT) {
>   >     fprintf(stderr, "Set timeout\n");
>   >     return;
>   >   } else if (rc != MEMCACHED_SUCCESS) {
>   >     fprintf(stderr, "Set failed: %s\n", memcached_strerror(cache, 
> rc));
>   >     return;
>   >   }
>   >
>   >   r_value = memcached_get(cache, key, strlen(key), _length, 
> _flags,
>   );
>   >   if (rc == MEMCACHED_TIMEOUT) {
>   >     fprintf(stderr, "Get timeout\n");
>   >     return;
>   >   } else if (rc != MEMCACHED_SUCCESS) {
>   >     fprintf(stderr, "Get failed: %s\n", memcached_strerror(cache, 
> rc));
>   >     return;
>   >   }
>   >
>   >   if (strcmp(value, r_value) != 0) {
>   >     fprintf(stderr, "Get returned bad value! (%s != %s)!\n", value,
>   r_value);
>   >   }
>   >
>   >   if (r_flags != flags) {
>   >     fprintf(stderr, "Get returned bad flags! (%u != %u)!\n", flags,
>   r_flags);
>   >   }
>   >
>   >   fprintf(stdout, "Get/Set success!\n");
>   > }
>   >
>   > // connect with SASL.
>   > void authTest(const char* user, const char* pass, const char* server)
>   > {
>   >   memcached_server_st *servers = NULL;
>   >   memcached_return_t rc;
>   >   memcached_st *cache;
>   >   uint32_t hashVal;
>   >   uint32_t hashPass;
>   >   uint32_t hash;
>   >   uint64_t behavior = 0;
>   >
>   >
>   >   cache = memcached_create(NULL);
>   > //  uint32_t hashusername = memcached_generate_hash(cache, user,
>   strlen(user));
>   >   //hash = memcached_generate_hash(cache, user, strlen(user));
>   >   //printf ("Hash value is: %" PRIu32 "\n", hash);
>   >
>   > //  hashVal = memcached_generate_hash_value(user, strlen(user),
>   MEMCACHED_HASH_MD5);
>   > //  printf ("Hash value is: %" PRIu32 "\n", hashVal);
>   >
>   > //  hashPass = memcached_generate_hash_value(pass, strlen(pass),
>   MEMCACHED_HASH_MD5);
>   > //  printf ("Hash value is: %" PRIu32 "\n", hashPass);
>  

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
Hope your doing well and thanks for all the help you have been providing.
One quick question on using other SASL mechanisms like DIGEST-MD5,
CRAM-MD5. Apart from adding them to the memcached.conf under mech_list, is
there other chages needed on client side code/ memcached-sasl-pwdb to
support these other mechanisms.
Currently I have just made the change in the memcached.conf file as follows
(just a change in the mech_list):
mech_list: DIGEST-MD5
log_level: 5
sasldb_path: /home/cisco/sasl/memcached-sasl-pwdb


It gives me following errors on server side:
<28 new binary client connection.
<28 Read binary protocol data:
<280x80 0x20 0x00 0x00
<280x00 0x00 0x00 0x00
<280x00 0x00 0x00 0x00
<280x00 0x02 0x00 0x00
<280x00 0x00 0x00 0x00
<280x00 0x00 0x00 0x00
authenticated() in cmd 0x20 is true
>28 Writing bin response:
>28   0x81 0x20 0x00 0x00
>28   0x00 0x00 0x00 0x00
>28   0x00 0x00 0x00 0x0a
>28   0x00 0x02 0x00 0x00
>28   0x00 0x00 0x00 0x00
>28   0x00 0x00 0x00 0x00
<28 Read binary protocol data:
<280x80 0x21 0x00 0x0a
<280x00 0x00 0x00 0x00
<280x00 0x00 0x00 0x0a
<280x00 0x02 0x00 0x00
<280x00 0x00 0x00 0x00
<280x00 0x00 0x00 0x00
authenticated() in cmd 0x21 is true
mech:  ``DIGEST-MD5'' with 0 bytes of data
SASL (severity 5): DIGEST-MD5 server step 1
sasl result code:  1
>28 Writing bin response:
>28   0x81 0x21 0x00 0x00
>28   0x00 0x00 0x00 0x21
>28   0x00 0x00 0x00 0x7b
>28   0x00 0x02 0x00 0x00
>28   0x00 0x00 0x00 0x00
>28   0x00 0x00 0x00 0x00
<28 connection closed.
SASL (severity 5): DIGEST-MD5 common mech dispose



Thanks and Regards,
Om Kale


On Tue, Apr 17, 2018 at 7:25 PM, Om Kale  wrote:

> Hi Dormando,
> Don't worry about it. I figured it out. I had to make some changes in the
> cyrus-sasl config files and re-configure and then make memcached again.
> Also had to re-configure libmemcached with --enable-sasl option.
> Looking forward to your token based implementation.
>
> Regards,
> Om Kale
> On Tue, Apr 17, 2018, 7:04 PM dormando  wrote:
>
>> Ah, I think you're stuck with SASL then.
>>
>> If I try to help you further I'll just be googling cyrus stuff and reading
>> its source code; it's not really something I can help you with, sorry :(
>>
>> On Tue, 17 Apr 2018, Om Kale wrote:
>>
>> > Unique to the client.
>> >
>> > Thanks and Regards,
>> > Om Kale
>> >
>> > On Tue, Apr 17, 2018 at 3:41 PM, dormando  wrote:
>> >   Are you saying the tokens need to be unique to each client, or
>> can they
>> >   all share a single token?
>> >
>> >   On Tue, 17 Apr 2018, Om Kale wrote:
>> >
>> >   > So my wireless application needs authentication support before
>> a trusted client can do a get/set.
>> >   > As long as I can do this, the underlying mechanism is not that
>> critical. The token proposol can also work but again there should be a
>> >   mechanism where
>> >   > server authenticates for the clients and the number of clients
>> can be pretty large.
>> >   >
>> >   > Thanks and Regards,Om Kale
>> >   >
>> >   >
>> >   > On Tue, Apr 17, 2018 at 3:25 PM, dormando 
>> wrote:
>> >   >   Also, I should ask again; do you need SASL in specific or
>> would something
>> >   >   like my authentication token proposal from a week ago
>> work?
>> >   >
>> >   >   On Tue, 17 Apr 2018, dormando wrote:
>> >   >
>> >   >   > "failed to list sasl mechanisms" is beyond my knowledge
>> :/ you might not
>> >   >   > have config files for cyrus sasl. you should search
>> their
>> >   >   > knowledgebases/mails/etc.
>> >   >   >
>> >   >   > On Tue, 17 Apr 2018, Om Kale wrote:
>> >   >   >
>> >   >   > > Sorry about that it was a typo in the email:
>> >   >   > >
>> >   >   > > :~/sasl$ cat memcached.conf
>> >   >   > > mech_list: plain
>> >   >   > > log_level: 5
>> >   >   > > sasldb_path: /home/okale/sasl/memcached-sasl-pwdb
>> >   >   > >
>> >   >   > >
>> >   >   > > :~/sasl$ pwd
>> >   >   > > /home/okale/sasl
>> >   >   > > :~/sasl$
>> >   >   > > :~/sasl$ ls
>> >   >   > > memcached.conf  memcached-sasl-pwdb
>> >   >   > >
>> >   >   > >
>> >   >   > >
>> >   >   > >
>> >   >   > > Thanks and Regards,Om Kale
>> >   >   > >
>> >   >   > > On Tue, Apr 17, 2018 at 3:11 PM, dormando <
>> dorma...@rydia.net> wrote:
>> >   >   > >   Hey,
>> >   >   > >
>> >   >   > >
>> >   >   > >   >
>> >   >   > >   >
>> >   >   > >   > Btw, I do have the correct memcached.conf
>> file entry
>> >   >   > >   > mech_list: plain
>> >   >   > >   > log_level: 5
>> >   >   > >   > sasldb_path: 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
Don't worry about it. I figured it out. I had to make some changes in the
cyrus-sasl config files and re-configure and then make memcached again.
Also had to re-configure libmemcached with --enable-sasl option.
Looking forward to your token based implementation.

Regards,
Om Kale
On Tue, Apr 17, 2018, 7:04 PM dormando  wrote:

> Ah, I think you're stuck with SASL then.
>
> If I try to help you further I'll just be googling cyrus stuff and reading
> its source code; it's not really something I can help you with, sorry :(
>
> On Tue, 17 Apr 2018, Om Kale wrote:
>
> > Unique to the client.
> >
> > Thanks and Regards,
> > Om Kale
> >
> > On Tue, Apr 17, 2018 at 3:41 PM, dormando  wrote:
> >   Are you saying the tokens need to be unique to each client, or can
> they
> >   all share a single token?
> >
> >   On Tue, 17 Apr 2018, Om Kale wrote:
> >
> >   > So my wireless application needs authentication support before a
> trusted client can do a get/set.
> >   > As long as I can do this, the underlying mechanism is not that
> critical. The token proposol can also work but again there should be a
> >   mechanism where
> >   > server authenticates for the clients and the number of clients
> can be pretty large.
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   >
> >   > On Tue, Apr 17, 2018 at 3:25 PM, dormando 
> wrote:
> >   >   Also, I should ask again; do you need SASL in specific or
> would something
> >   >   like my authentication token proposal from a week ago work?
> >   >
> >   >   On Tue, 17 Apr 2018, dormando wrote:
> >   >
> >   >   > "failed to list sasl mechanisms" is beyond my knowledge
> :/ you might not
> >   >   > have config files for cyrus sasl. you should search their
> >   >   > knowledgebases/mails/etc.
> >   >   >
> >   >   > On Tue, 17 Apr 2018, Om Kale wrote:
> >   >   >
> >   >   > > Sorry about that it was a typo in the email:
> >   >   > >
> >   >   > > :~/sasl$ cat memcached.conf
> >   >   > > mech_list: plain
> >   >   > > log_level: 5
> >   >   > > sasldb_path: /home/okale/sasl/memcached-sasl-pwdb
> >   >   > >
> >   >   > >
> >   >   > > :~/sasl$ pwd
> >   >   > > /home/okale/sasl
> >   >   > > :~/sasl$
> >   >   > > :~/sasl$ ls
> >   >   > > memcached.conf  memcached-sasl-pwdb
> >   >   > >
> >   >   > >
> >   >   > >
> >   >   > >
> >   >   > > Thanks and Regards,Om Kale
> >   >   > >
> >   >   > > On Tue, Apr 17, 2018 at 3:11 PM, dormando <
> dorma...@rydia.net> wrote:
> >   >   > >   Hey,
> >   >   > >
> >   >   > >
> >   >   > >   >
> >   >   > >   >
> >   >   > >   > Btw, I do have the correct memcached.conf file
> entry
> >   >   > >   > mech_list: plain
> >   >   > >   > log_level: 5
> >   >   > >   > sasldb_path: /home//sasl/memcached-sasl-pwdb
> >   >   > >
> >   >   > >   Is this missing your username? is the
> memcached-sasl-pwdb file actually
> >   >   > >   there?
> >   >   > >
> >   >   > >   >
> >   >   > >   > Thanks and Regards,Om Kale
> >   >   > >   >
> >   >   > >   >
> >   >   > >   > On Tue, Apr 17, 2018 at 2:25 PM, dormando <
> dorma...@rydia.net> wrote:
> >   >   > >   >   Hey,
> >   >   > >   >
> >   >   > >   >   That's because memcached isn't linking
> against the library you're
> >   >   > >   >   specifying... It's going to be much
> faster for you to search the internet
> >   >   > >   >   for that specific error. "error while
> loading shared libraries" "no such
> >   >   > >   >   file or directory". there should be a
> good number of stackoverflow
> >   >   > >   >   responses walking you through this sort
> of thing.
> >   >   > >   >
> >   >   > >   >   Once you build sasl, you need to rebuild
> memcached from scratch with a new
> >   >   > >   >   ./configure, but the old sasl libraries
> should not exist and should not be
> >   >   > >   >   in any paths first.
> >   >   > >   >
> >   >   > >   >   On Tue, 17 Apr 2018, Om Kale wrote:
> >   >   > >   >
> >   >   > >   >   > Hey Dormando,
> >   >   > >   >   > Thanks for the reply. I am doing this
> as I need to use sasl packages/libraries available under openwrt as I am
> >   using
> >   >   memcached for
> >   >   > >   a
> >   >   > >   >   wireless
> >   > 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

oh; you might need to `sudo ldconfig` before that works, too

On Tue, 17 Apr 2018, Om Kale wrote:

> Hey Dormando,
> I was trying to play around with memcached sasl a bit more on Ubuntu.
> I tried to use the cyrus sasl libraries.
> However, when I try to run the memcached server it gives the following error:
> ~/Downloads/memcached-1.5.7$ memcached -S -vv
> memcached: error while loading shared libraries: libsasl2.so.2: cannot open 
> shared object file: No such file or directory
>
>
>
> I checked in usr/local/lib and I see libsasl2.so.3 present.
> cisco@dd17-ubuntu-namsoo:/usr/local/lib$ ls -lrt
> drwxrwsr-x 3 root staff    4096 Feb 28 10:25 python3.5
> drwxrwsr-x 4 root staff    4096 Feb 28 10:35 python2.7
> drwxr-xr-x 2 root root 4096 Apr 16 08:47 sasl2
> -rwxr-xr-x 1 root root   163912 Apr 17 03:09 libhashkit.so.2.0.0
> lrwxrwxrwx 1 root root   19 Apr 17 03:09 libhashkit.so.2 -> 
> libhashkit.so.2.0.0
> lrwxrwxrwx 1 root root   19 Apr 17 03:09 libhashkit.so -> 
> libhashkit.so.2.0.0
> -rwxr-xr-x 1 root root  938 Apr 17 03:09 libhashkit.la
> -rwxr-xr-x 1 root root  1373952 Apr 17 03:09 libmemcached.so.11.0.0
> lrwxrwxrwx 1 root root   22 Apr 17 03:09 libmemcached.so.11 -> 
> libmemcached.so.11.0.0
> lrwxrwxrwx 1 root root   22 Apr 17 03:09 libmemcached.so -> 
> libmemcached.so.11.0.0
> -rwxr-xr-x 1 root root  978 Apr 17 03:09 libmemcached.la
> -rwxr-xr-x 1 root root   114792 Apr 17 03:09 libmemcachedutil.so.2.0.0
> lrwxrwxrwx 1 root root   25 Apr 17 03:09 libmemcachedutil.so.2 -> 
> libmemcachedutil.so.2.0.0
> lrwxrwxrwx 1 root root   25 Apr 17 03:09 libmemcachedutil.so -> 
> libmemcachedutil.so.2.0.0
> -rwxr-xr-x 1 root root 1033 Apr 17 03:09 libmemcachedutil.la
> -rw-r--r-- 1 root root   329582 Apr 17 03:09 libhashkit.a
> -rw-r--r-- 1 root root  3175600 Apr 17 03:09 libmemcached.a
> -rw-r--r-- 1 root root   220608 Apr 17 03:09 libmemcachedutil.a
> drwxr-xr-x 2 root root 4096 Apr 17 03:09 pkgconfig
> -rwxr-xr-x 1 root root   485528 Apr 17 03:43 libsasl2.so.3.0.0
> lrwxrwxrwx 1 root root   17 Apr 17 03:43 libsasl2.so.3 -> 
> libsasl2.so.3.0.0
> lrwxrwxrwx 1 root root   17 Apr 17 03:43 libsasl2.so -> libsasl2.so.3.0.0
> -rwxr-xr-x 1 root root  652 Apr 17 03:43 libsasl2.la
> cisco@dd17-ubuntu-namsoo:/usr/local/lib$
>
> Has anyone else seen similar error while working with cyrus-sasl-2.1.27?
>
>
> Thanks and Regards,Om Kale
>
>
> On Wed, Apr 11, 2018 at 8:34 PM, dormando  wrote:
>   Hey,
>
>   Good to hear! good luck.
>
>   SASL is the only method. I sent a proposal to this mailing list 
> yesterday
>   for authentication tokens.
>
>   On Wed, 11 Apr 2018, Om Kale wrote:
>
>   > Hey Dormando,
>   > Works like a charm with Ubuntu. So its a MAC problem then.
>   > I also had an additional question:
>   > In memcached, is there any way of doing authentication without 
> actually using the SASL library available. For example, using some other
>   underlying ssl
>   > libraries.
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Wed, Apr 11, 2018 at 4:14 PM, dormando  wrote:
>   >       I don't see anything wrong with it. Since you ultimately need 
> this to run
>   >       on ubuntu, why don't you start testing with a VM? It might not 
> matter at
>   >       all if the problem is just with the mac.
>   >
>   >       On Wed, 11 Apr 2018, Om Kale wrote:
>   >
>   >       > Ah, I see. This person on the memcached group also observed 
> the same issue on Cent OS (I see it on Mac OS) some time back:
>   >       >
>   >       > https://groups.google.com/forum/#!topic/memcached/mtzcFVYahZo
>   >       >
>   >       > I have attached my client program testsasl2.c with this mail. 
> I don't see any errors in the code. Please do let me know if you find
>   >       anything.
>   >       >
>   >       > Used following to compile and run:
>   >       > OKALE-M-33H5:mycode okale$ gcc -o testsasl2 testsasl2.c 
> -lmemcached -lsasl2 -lssl
>   >       > OKALE-M-33H5:mycode okale$ ./testsasl2 testuser testpass 
> localhost
>   >       > Set failed: AUTHENTICATION FAILURE
>   >       > OKALE-M-33H5:mycode okale$
>   >       >
>   >       >
>   >       > On memcached server side I see the same error when I use 
> testuser:testpass in the sasl database.
>   >       > OKALE-M-33H5:tmp okale$ pwd
>   >       > /tmp
>   >       > OKALE-M-33H5:tmp okale$ cat memcached-sasl-db
>   >       > testuser:testpass
>   >       > OKALE-M-33H5:tmp okale$
>   >       >
>   >       > Memcached server:
>   >       > OKALE-M-33H5:memcached-1.5.7 okale$ 
> SASL_CONF_PATH="/Users/okale/sasl" memcached -S -vv
>   >       > Reading configuration from: 
>   >       > Initialized SASL.
>   >       > slab class   1: chunk size    96 perslab   10922

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Did you recompile memcached on there or copy the binary?

On Tue, 17 Apr 2018, Om Kale wrote:

> Hey Dormando,
> I was trying to play around with memcached sasl a bit more on Ubuntu.
> I tried to use the cyrus sasl libraries.
> However, when I try to run the memcached server it gives the following error:
> ~/Downloads/memcached-1.5.7$ memcached -S -vv
> memcached: error while loading shared libraries: libsasl2.so.2: cannot open 
> shared object file: No such file or directory
>
>
>
> I checked in usr/local/lib and I see libsasl2.so.3 present.
> cisco@dd17-ubuntu-namsoo:/usr/local/lib$ ls -lrt
> drwxrwsr-x 3 root staff    4096 Feb 28 10:25 python3.5
> drwxrwsr-x 4 root staff    4096 Feb 28 10:35 python2.7
> drwxr-xr-x 2 root root 4096 Apr 16 08:47 sasl2
> -rwxr-xr-x 1 root root   163912 Apr 17 03:09 libhashkit.so.2.0.0
> lrwxrwxrwx 1 root root   19 Apr 17 03:09 libhashkit.so.2 -> 
> libhashkit.so.2.0.0
> lrwxrwxrwx 1 root root   19 Apr 17 03:09 libhashkit.so -> 
> libhashkit.so.2.0.0
> -rwxr-xr-x 1 root root  938 Apr 17 03:09 libhashkit.la
> -rwxr-xr-x 1 root root  1373952 Apr 17 03:09 libmemcached.so.11.0.0
> lrwxrwxrwx 1 root root   22 Apr 17 03:09 libmemcached.so.11 -> 
> libmemcached.so.11.0.0
> lrwxrwxrwx 1 root root   22 Apr 17 03:09 libmemcached.so -> 
> libmemcached.so.11.0.0
> -rwxr-xr-x 1 root root  978 Apr 17 03:09 libmemcached.la
> -rwxr-xr-x 1 root root   114792 Apr 17 03:09 libmemcachedutil.so.2.0.0
> lrwxrwxrwx 1 root root   25 Apr 17 03:09 libmemcachedutil.so.2 -> 
> libmemcachedutil.so.2.0.0
> lrwxrwxrwx 1 root root   25 Apr 17 03:09 libmemcachedutil.so -> 
> libmemcachedutil.so.2.0.0
> -rwxr-xr-x 1 root root 1033 Apr 17 03:09 libmemcachedutil.la
> -rw-r--r-- 1 root root   329582 Apr 17 03:09 libhashkit.a
> -rw-r--r-- 1 root root  3175600 Apr 17 03:09 libmemcached.a
> -rw-r--r-- 1 root root   220608 Apr 17 03:09 libmemcachedutil.a
> drwxr-xr-x 2 root root 4096 Apr 17 03:09 pkgconfig
> -rwxr-xr-x 1 root root   485528 Apr 17 03:43 libsasl2.so.3.0.0
> lrwxrwxrwx 1 root root   17 Apr 17 03:43 libsasl2.so.3 -> 
> libsasl2.so.3.0.0
> lrwxrwxrwx 1 root root   17 Apr 17 03:43 libsasl2.so -> libsasl2.so.3.0.0
> -rwxr-xr-x 1 root root  652 Apr 17 03:43 libsasl2.la
> cisco@dd17-ubuntu-namsoo:/usr/local/lib$
>
> Has anyone else seen similar error while working with cyrus-sasl-2.1.27?
>
>
> Thanks and Regards,Om Kale
>
>
> On Wed, Apr 11, 2018 at 8:34 PM, dormando  wrote:
>   Hey,
>
>   Good to hear! good luck.
>
>   SASL is the only method. I sent a proposal to this mailing list 
> yesterday
>   for authentication tokens.
>
>   On Wed, 11 Apr 2018, Om Kale wrote:
>
>   > Hey Dormando,
>   > Works like a charm with Ubuntu. So its a MAC problem then.
>   > I also had an additional question:
>   > In memcached, is there any way of doing authentication without 
> actually using the SASL library available. For example, using some other
>   underlying ssl
>   > libraries.
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Wed, Apr 11, 2018 at 4:14 PM, dormando  wrote:
>   >       I don't see anything wrong with it. Since you ultimately need 
> this to run
>   >       on ubuntu, why don't you start testing with a VM? It might not 
> matter at
>   >       all if the problem is just with the mac.
>   >
>   >       On Wed, 11 Apr 2018, Om Kale wrote:
>   >
>   >       > Ah, I see. This person on the memcached group also observed 
> the same issue on Cent OS (I see it on Mac OS) some time back:
>   >       >
>   >       > https://groups.google.com/forum/#!topic/memcached/mtzcFVYahZo
>   >       >
>   >       > I have attached my client program testsasl2.c with this mail. 
> I don't see any errors in the code. Please do let me know if you find
>   >       anything.
>   >       >
>   >       > Used following to compile and run:
>   >       > OKALE-M-33H5:mycode okale$ gcc -o testsasl2 testsasl2.c 
> -lmemcached -lsasl2 -lssl
>   >       > OKALE-M-33H5:mycode okale$ ./testsasl2 testuser testpass 
> localhost
>   >       > Set failed: AUTHENTICATION FAILURE
>   >       > OKALE-M-33H5:mycode okale$
>   >       >
>   >       >
>   >       > On memcached server side I see the same error when I use 
> testuser:testpass in the sasl database.
>   >       > OKALE-M-33H5:tmp okale$ pwd
>   >       > /tmp
>   >       > OKALE-M-33H5:tmp okale$ cat memcached-sasl-db
>   >       > testuser:testpass
>   >       > OKALE-M-33H5:tmp okale$
>   >       >
>   >       > Memcached server:
>   >       > OKALE-M-33H5:memcached-1.5.7 okale$ 
> SASL_CONF_PATH="/Users/okale/sasl" memcached -S -vv
>   >       > Reading configuration from: 
>   >       > Initialized SASL.
>   >       > slab class   1: chunk size    96 perslab   10922
>   

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

I don't see anything wrong with it. Since you ultimately need this to run
on ubuntu, why don't you start testing with a VM? It might not matter at
all if the problem is just with the mac.

On Wed, 11 Apr 2018, Om Kale wrote:

> Ah, I see. This person on the memcached group also observed the same issue on 
> Cent OS (I see it on Mac OS) some time back:
>
> https://groups.google.com/forum/#!topic/memcached/mtzcFVYahZo
>
> I have attached my client program testsasl2.c with this mail. I don't see any 
> errors in the code. Please do let me know if you find anything.
>
> Used following to compile and run:
> OKALE-M-33H5:mycode okale$ gcc -o testsasl2 testsasl2.c -lmemcached -lsasl2 
> -lssl
> OKALE-M-33H5:mycode okale$ ./testsasl2 testuser testpass localhost
> Set failed: AUTHENTICATION FAILURE
> OKALE-M-33H5:mycode okale$
>
>
> On memcached server side I see the same error when I use testuser:testpass in 
> the sasl database.
> OKALE-M-33H5:tmp okale$ pwd
> /tmp
> OKALE-M-33H5:tmp okale$ cat memcached-sasl-db
> testuser:testpass
> OKALE-M-33H5:tmp okale$
>
> Memcached server:
> OKALE-M-33H5:memcached-1.5.7 okale$ SASL_CONF_PATH="/Users/okale/sasl" 
> memcached -S -vv
> Reading configuration from: 
> Initialized SASL.
> slab class   1: chunk size    96 perslab   10922
> slab class   2: chunk size   120 perslab    8738
> slab class   3: chunk size   152 perslab    6898
> slab class   4: chunk size   192 perslab    5461
> slab class   5: chunk size   240 perslab    4369
> slab class   6: chunk size   304 perslab    3449
> slab class   7: chunk size   384 perslab    2730
> slab class   8: chunk size   480 perslab    2184
> slab class   9: chunk size   600 perslab    1747
> slab class  10: chunk size   752 perslab    1394
> slab class  11: chunk size   944 perslab    1110
> slab class  12: chunk size  1184 perslab 885
> slab class  13: chunk size  1480 perslab 708
> slab class  14: chunk size  1856 perslab 564
> slab class  15: chunk size  2320 perslab 451
> slab class  16: chunk size  2904 perslab 361
> slab class  17: chunk size  3632 perslab 288
> slab class  18: chunk size  4544 perslab 230
> slab class  19: chunk size  5680 perslab 184
> slab class  20: chunk size  7104 perslab 147
> slab class  21: chunk size  8880 perslab 118
> slab class  22: chunk size 11104 perslab  94
> slab class  23: chunk size 13880 perslab  75
> slab class  24: chunk size 17352 perslab  60
> slab class  25: chunk size 21696 perslab  48
> slab class  26: chunk size 27120 perslab  38
> slab class  27: chunk size 33904 perslab  30
> slab class  28: chunk size 42384 perslab  24
> slab class  29: chunk size 52984 perslab  19
> slab class  30: chunk size 66232 perslab  15
> slab class  31: chunk size 82792 perslab  12
> slab class  32: chunk size    103496 perslab  10
> slab class  33: chunk size    129376 perslab   8
> slab class  34: chunk size    161720 perslab   6
> slab class  35: chunk size    202152 perslab   5
> slab class  36: chunk size    252696 perslab   4
> slab class  37: chunk size    315872 perslab   3
> slab class  38: chunk size    394840 perslab   2
> slab class  39: chunk size    524288 perslab   2
> <17 server listening (binary)
> <18 server listening (binary)
> <19 new binary client connection.
> <19 Read binary protocol data:
> <19    0x80 0x20 0x00 0x00
> <19    0x00 0x00 0x00 0x00
> <19    0x00 0x00 0x00 0x00
> <19    0x00 0x02 0x00 0x00
> <19    0x00 0x00 0x00 0x00
> <19    0x00 0x00 0x00 0x00
> authenticated() in cmd 0x20 is true
> >19 Writing bin response:
> >19   0x81 0x20 0x00 0x00
> >19   0x00 0x00 0x00 0x00
> >19   0x00 0x00 0x00 0x05
> >19   0x00 0x02 0x00 0x00
> >19   0x00 0x00 0x00 0x00
> >19   0x00 0x00 0x00 0x00
> <19 Read binary protocol data:
> <19    0x80 0x21 0x00 0x05
> <19    0x00 0x00 0x00 0x00
> <19    0x00 0x00 0x00 0x1f
> <19    0x00 0x02 0x00 0x00
> <19    0x00 0x00 0x00 0x00
> <19    0x00 0x00 0x00 0x00
> authenticated() in cmd 0x21 is true
> mech:  ``PLAIN'' with 26 bytes of data
> INFO: User  failed to authenticate
> SASL (severity 2): Password verification failed
> sasl result code:  -20
> Unknown sasl response:  -20
> >19 Writing an error: Auth failure.
> >19 Writing bin response:
> >19   0x81 0x21 0x00 0x00
> >19   0x00 0x00 0x00 0x20
> >19   0x00 0x00 0x00 0x0d
> >19   0x00 0x02 0x00 0x00
> >19   0x00 0x00 0x00 0x00
> >19   0x00 0x00 0x00 0x00
> <19 connection closed.
> ^CSignal handled: Interrupt: 2.
>
>
>
> Thanks and Regards,
> Om Kale
>
> On Wed, Apr 11, 2018 at 10:14 AM, dormando  wrote:
>   I'm on ubuntu.. I didn't do anything special or change anything, I gave 
> a
>   list of all the commands I ran to make it work verbatim.
>
>   I didn't have the username@ETC issue happen at all. If I had 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

I'm on ubuntu.. I didn't do anything special or change anything, I gave a
list of all the commands I ran to make it work verbatim.

I didn't have the username@ETC issue happen at all. If I had to guess,
that would need to be fixed on the client side.

On Wed, 11 Apr 2018, Om Kale wrote:

> Hey Dormando,
> No the saslpasswd2 command didn't give me any output. I will use strace to 
> check for errors.
> Additionally, are you using an Ubuntu machine (If yes, how did you install 
> sasl on your machine and did you make any changes to it inorder to make it
> work). I am asking this as I will also be running this on Ubuntu later.
> On my MAC, for SASL, I just installed the sasl2bin library and some other 
> dependencies. (I tried with cyrus-sasl-plain as well, but did't seem to work)
> Also, for my other question about memcached client appending mylocalhost-mac 
> name as 'testuser@OKALE-M-33H5'? I saw some posts reporting this same issue
> on the group and stackoverflow.
> Will I be able to perform the authentication without saving the username in 
> this format in my sasl db file?
>
> Thanks and Regards,Om Kale
>
>
> On Tue, Apr 10, 2018 at 11:40 PM, dormando  wrote:
>   I don't really know. I don't have a mac so I don't know why saslpasswd2
>   doesn't work.
>
>   If it gives you any output when it doesn't work (with the -f argument),
>   please share it. You can also strace the command to see if there are any
>   obvious errors before it exits. There must be some reason why it's not
>   writing the file; it worked fine for me immediately.
>
>   how did you install sasl on your machine? or did it come with it?
>
>   On Tue, 10 Apr 2018, Om Kale wrote:
>
>   > Hi Dormando,
>   > I finally figured it out the issue from the above thread itself.
>   > The small change in steps as shown below work on my MAC machine:
>   >
>   > OKALE-M-33H5:memcached-1.5.7 okale$ echo 
> "testuser@OKALE-M-33H5:testpass" > /tmp/memcached-sasl-db
>   > OKALE-M-33H5:memcached-1.5.7 okale$ 
> SASL_CONF_PATH="/Users/okale/sasl" memcached -v -S
>   > Reading configuration from: 
>   > Initialized SASL.
>   > mech:  ``PLAIN'' with 26 bytes of data
>   > sasl result code:  0
>   >
>   >
>   > Client Side:
>   > OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
>   > Get/Set success!
>   >
>   > I observe two things here:
>   > 1. The saslpasswd2 doesn't create the memcached-sasl-db file for me, 
> I instead used the echo command listed above.
>   > 2. Now memcached appends mylocalhost-mac name i.e. @OKALE-M-33H5 to 
> the username when I run the client. (Not sure why this is the case)
>   > It would be great if you could guide me as to whether there is a 
> specific reason to it and will I be able to perform the authentication
>   without saving
>   > the username in this format in my sasl db file.
>   >
>   >
>   > Appreciate all the help!
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   >
>   > On Tue, Apr 10, 2018 at 10:07 PM, Om Kale  wrote:
>   >       Hi Dormando,
>   >       Thanks for your guidance. Meanwhile, reading through the 
> memcached email chain, I see someone else also observed something similar
>   but there
>   >       was no solution. The question is how do I create the 
> memcahed-sasl-pwdb file and populate it with username and password as the
>   saslpasswd2
>   >       doesnt seem to be doing it in this case.
>   >
>   >       
> https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ
>   >
>   >
>   >
>   >       Regards,
>   >       Om Kale
>   >
>   >
>   >
>   >       On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote:
>   >       Yes, that is correct. But if this change is done, then the 
> entry in memcached.conf for sasldb_path should also change to sasldb_path:
>   >       /tmp/memcached-sasl-pwdb.
>   > However, if this change is made still it fails.
>   >
>   > OKALE-M-33H5:sasl okale$ cat memcached.conf
>   > mech_list: plain
>   > log_level: 5
>   > sasldb_path: /tmp/memcached-sasl-pwdb
>   > OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /tmp/memcached-sasl-pwdb -a memcached -c -p testuser
>   > OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached 
> -S -v
>   > Reading configuration from: 
>   > Initialized SASL.
>   > mech:  ``PLAIN'' with 26 bytes of data
>   > WARNING: Failed to open sasl database : No 
> such file or directory
>   > SASL (severity 2): Password verification failed
>   > sasl result code:  -20
>   > Unknown sasl response:  -20
>   >
>   >
>   >
>   > The problem is the saslpasswd2 command is not creating the file in 
> the desired location. I am not able to see 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

I don't really know. I don't have a mac so I don't know why saslpasswd2
doesn't work.

If it gives you any output when it doesn't work (with the -f argument),
please share it. You can also strace the command to see if there are any
obvious errors before it exits. There must be some reason why it's not
writing the file; it worked fine for me immediately.

how did you install sasl on your machine? or did it come with it?

On Tue, 10 Apr 2018, Om Kale wrote:

> Hi Dormando,
> I finally figured it out the issue from the above thread itself.
> The small change in steps as shown below work on my MAC machine:
>
> OKALE-M-33H5:memcached-1.5.7 okale$ echo "testuser@OKALE-M-33H5:testpass" > 
> /tmp/memcached-sasl-db
> OKALE-M-33H5:memcached-1.5.7 okale$ SASL_CONF_PATH="/Users/okale/sasl" 
> memcached -v -S
> Reading configuration from: 
> Initialized SASL.
> mech:  ``PLAIN'' with 26 bytes of data
> sasl result code:  0
>
>
> Client Side:
> OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
> Get/Set success!
>
> I observe two things here:
> 1. The saslpasswd2 doesn't create the memcached-sasl-db file for me, I 
> instead used the echo command listed above.
> 2. Now memcached appends mylocalhost-mac name i.e. @OKALE-M-33H5 to the 
> username when I run the client. (Not sure why this is the case)
> It would be great if you could guide me as to whether there is a specific 
> reason to it and will I be able to perform the authentication without saving
> the username in this format in my sasl db file.
>
>
> Appreciate all the help!
>
> Thanks and Regards,Om Kale
>
>
>
> On Tue, Apr 10, 2018 at 10:07 PM, Om Kale  wrote:
>   Hi Dormando,
>   Thanks for your guidance. Meanwhile, reading through the memcached 
> email chain, I see someone else also observed something similar but there
>   was no solution. The question is how do I create the memcahed-sasl-pwdb 
> file and populate it with username and password as the saslpasswd2
>   doesnt seem to be doing it in this case.
>
>   https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ
>
>
>
>   Regards,
>   Om Kale
>
>
>
>   On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote:
>   Yes, that is correct. But if this change is done, then the entry in 
> memcached.conf for sasldb_path should also change to sasldb_path:
>   /tmp/memcached-sasl-pwdb.
> However, if this change is made still it fails.
>
> OKALE-M-33H5:sasl okale$ cat memcached.conf
> mech_list: plain
> log_level: 5
> sasldb_path: /tmp/memcached-sasl-pwdb
> OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /tmp/memcached-sasl-pwdb -a memcached -c -p testuser
> OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v
> Reading configuration from: 
> Initialized SASL.
> mech:  ``PLAIN'' with 26 bytes of data
> WARNING: Failed to open sasl database : No such file 
> or directory
> SASL (severity 2): Password verification failed
> sasl result code:  -20
> Unknown sasl response:  -20
>
>
>
> The problem is the saslpasswd2 command is not creating the file in the 
> desired location. I am not able to see memcached-sasl-pwdb under /tmp
> folder
> OKALE-M-33H5:tmp okale$ ls -lrth
> total 2920
> drwxrwxrwx    3 root   wheel    96B Apr  4 14:42 boost_interprocess
> drwx--    3 okale  wheel    96B Apr  4 14:43 com.apple.launchd.PJzhBv7YpC
> drwx--    3 okale  wheel    96B Apr  4 14:43 com.apple.launchd.KfTcHnvIT3
> drwx--    3 okale  wheel    96B Apr  4 14:43 com.apple.launchd.ha1KS1S42u
> drwx--    4 okale  wheel   128B Apr  6 15:44 com.apple.installermg8f7zLr
> -rw-r--r--    1 root   wheel   111B Apr  9 13:01 progress.log
> drwx--    2 okale  wheel    64B Apr  9 13:53 KSDownloadAction.uWLwKCAAOF
> drwx--    2 okale  wheel    64B Apr  9 13:53 
> KSOutOfProcessFetcher.3Esze3adI3
> -rw-r--r--    1 root   wheel   510B Apr 10 11:36 top.out
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpk1EMzc
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpmWzWeW
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpzm2q3Y
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpBo8m4d
> -rw-rw-rw-@   1 okale  staff   1.0M Apr 10 16:12 libevent-2.1.8-stable.tar.gz
> drwxr-xr-x@ 165 okale  wheel   5.2K Apr 10 16:19 libevent-2.1.8-stable
> -rw-rw-rw-@   1 okale  staff   447K Apr 10 16:21 memcached-1.5.7.tar.gz
> srwxr-xr-x    1 okale  wheel 0B Apr 10 17:25 SIP-Main
> srwxr-xr-x    1 okale  wheel 0B Apr 10 17:25 SIP-MsgQ
> drwxr-xr-x@ 148 okale  wheel   4.6K Apr 10 18:33 memcached-1.5.7
> OKALE-M-33H5:tmp okale$
>
> Thanks and Regards,Om Kale
>
>
> On Tue, Apr 10, 2018 at 6:41 PM, dormando  wrote:
>   Change:
>
>   $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb 
> -a
>   memcached -c -p testuser
>
>   To:
>
>   $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a
>   memcached -c 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
I finally figured it out the issue from the above thread itself.
The small change in steps as shown below work on my MAC machine:

OKALE-M-33H5:memcached-1.5.7 okale$ echo "testuser@OKALE-M-33H5:testpass" >
/tmp/memcached-sasl-db
OKALE-M-33H5:memcached-1.5.7 okale$ SASL_CONF_PATH="/Users/okale/sasl"
memcached -v -S
Reading configuration from: 
Initialized SASL.
mech:  ``PLAIN'' with 26 bytes of data
sasl result code:  0


Client Side:
OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
Get/Set success!

I observe two things here:
1. The saslpasswd2 doesn't create the memcached-sasl-db file for me, I
instead used the echo command listed above.
2. Now memcached appends mylocalhost-mac name i.e. @OKALE-M-33H5 to the
username when I run the client. (Not sure why this is the case)
It would be great if you could guide me as to whether there is a specific
reason to it and will I be able to perform the authentication without
saving the username in this format in my sasl db file.


Appreciate all the help!

Thanks and Regards,
Om Kale



On Tue, Apr 10, 2018 at 10:07 PM, Om Kale  wrote:

> Hi Dormando,
> Thanks for your guidance. Meanwhile, reading through the memcached email
> chain, I see someone else also observed something similar but there was no
> solution. The question is how do I create the memcahed-sasl-pwdb file and
> populate it with username and password as the saslpasswd2 doesnt seem to be
> doing it in this case.
>
> https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ
>
>
>
> Regards,
> Om Kale
>
>
>
>
> On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote:
>
>> Yes, that is correct. But if this change is done, then the entry in
>> memcached.conf for sasldb_path should also change to sasldb_path:
>> /tmp/memcached-sasl-pwdb.
>> However, if this change is made still it fails.
>>
>> OKALE-M-33H5:sasl okale$ cat memcached.conf
>> mech_list: plain
>> log_level: 5
>> sasldb_path: /tmp/memcached-sasl-pwdb
>> OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f
>> /tmp/memcached-sasl-pwdb -a memcached -c -p testuser
>> OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S
>> -v
>> Reading configuration from: 
>> Initialized SASL.
>> mech:  ``PLAIN'' with 26 bytes of data
>> WARNING: Failed to open sasl database : No such
>> file or directory
>> SASL (severity 2): Password verification failed
>> sasl result code:  -20
>> Unknown sasl response:  -20
>>
>>
>>
>> The problem is the saslpasswd2 command is not creating the file in the
>> desired location. I am not able to see memcached-sasl-pwdb under /tmp folder
>> OKALE-M-33H5:tmp okale$ ls -lrth
>> total 2920
>> drwxrwxrwx3 root   wheel96B Apr  4 14:42 boost_interprocess
>> drwx--3 okale  wheel96B Apr  4 14:43
>> com.apple.launchd.PJzhBv7YpC
>> drwx--3 okale  wheel96B Apr  4 14:43
>> com.apple.launchd.KfTcHnvIT3
>> drwx--3 okale  wheel96B Apr  4 14:43
>> com.apple.launchd.ha1KS1S42u
>> drwx--4 okale  wheel   128B Apr  6 15:44
>> com.apple.installermg8f7zLr
>> -rw-r--r--1 root   wheel   111B Apr  9 13:01 progress.log
>> drwx--2 okale  wheel64B Apr  9 13:53
>> KSDownloadAction.uWLwKCAAOF
>> drwx--2 okale  wheel64B Apr  9 13:53
>> KSOutOfProcessFetcher.3Esze3adI3
>> -rw-r--r--1 root   wheel   510B Apr 10 11:36 top.out
>> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpk1EMzc
>> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpmWzWeW
>> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpzm2q3Y
>> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpBo8m4d
>> -rw-rw-rw-@   1 okale  staff   1.0M Apr 10 16:12
>> libevent-2.1.8-stable.tar.gz
>> drwxr-xr-x@ 165 okale  wheel   5.2K Apr 10 16:19 libevent-2.1.8-stable
>> -rw-rw-rw-@   1 okale  staff   447K Apr 10 16:21 memcached-1.5.7.tar.gz
>> srwxr-xr-x1 okale  wheel 0B Apr 10 17:25 SIP-Main
>> srwxr-xr-x1 okale  wheel 0B Apr 10 17:25 SIP-MsgQ
>> drwxr-xr-x@ 148 okale  wheel   4.6K Apr 10 18:33 memcached-1.5.7
>> OKALE-M-33H5:tmp okale$
>>
>> Thanks and Regards,
>> Om Kale
>>
>>
>> On Tue, Apr 10, 2018 at 6:41 PM, dormando  wrote:
>>
>> Change:
>>
>> $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a
>> memcached -c -p testuser
>>
>> To:
>>
>> $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a
>> memcached -c -p testuser
>>
>> SASL_CONF_PATH points to where memcached.conf is. memcached.conf points to
>> memcached-sasl-pwdb via the sasldb_path: line.
>>
>> On Tue, 10 Apr 2018, Om Kale wrote:
>>
>> > Hi Dormando,
>> > Thanks for the help. I tried the steps you mentioned but end up getting
>> similar error. However, the error is slightly different this time.
>> > Why is it still pointing to '/tmp/memcached-sasl-db' when the
>> SASL_CONF_PATH specifies the location of the db file.
>> >
>> > OKALE-M-33H5:sasl okale$ pwd
>> > 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

What is the exact output from saslpasswd2 when you run it?

On Tue, 10 Apr 2018, Om Kale wrote:

> Hi Dormando,
> Thanks for your guidance. Meanwhile, reading through the memcached email 
> chain, I see someone else also observed something similar but there was no
> solution. The question is how do I create the memcahed-sasl-pwdb file and 
> populate it with username and password as the saslpasswd2 doesnt seem to be
> doing it in this case.
>
> https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ
>
>
>
> Regards,
> Om Kale
>
>
>
> On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote:
>   Yes, that is correct. But if this change is done, then the entry in 
> memcached.conf for sasldb_path should also change to sasldb_path:
>   /tmp/memcached-sasl-pwdb.
> However, if this change is made still it fails.
>
> OKALE-M-33H5:sasl okale$ cat memcached.conf
> mech_list: plain
> log_level: 5
> sasldb_path: /tmp/memcached-sasl-pwdb
> OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /tmp/memcached-sasl-pwdb -a memcached -c -p testuser
> OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v
> Reading configuration from: 
> Initialized SASL.
> mech:  ``PLAIN'' with 26 bytes of data
> WARNING: Failed to open sasl database : No such file 
> or directory
> SASL (severity 2): Password verification failed
> sasl result code:  -20
> Unknown sasl response:  -20
>
>
>
> The problem is the saslpasswd2 command is not creating the file in the 
> desired location. I am not able to see memcached-sasl-pwdb under /tmp folder
> OKALE-M-33H5:tmp okale$ ls -lrth
> total 2920
> drwxrwxrwx    3 root   wheel    96B Apr  4 14:42 boost_interprocess
> drwx--    3 okale  wheel    96B Apr  4 14:43 com.apple.launchd.PJzhBv7YpC
> drwx--    3 okale  wheel    96B Apr  4 14:43 com.apple.launchd.KfTcHnvIT3
> drwx--    3 okale  wheel    96B Apr  4 14:43 com.apple.launchd.ha1KS1S42u
> drwx--    4 okale  wheel   128B Apr  6 15:44 com.apple.installermg8f7zLr
> -rw-r--r--    1 root   wheel   111B Apr  9 13:01 progress.log
> drwx--    2 okale  wheel    64B Apr  9 13:53 KSDownloadAction.uWLwKCAAOF
> drwx--    2 okale  wheel    64B Apr  9 13:53 
> KSOutOfProcessFetcher.3Esze3adI3
> -rw-r--r--    1 root   wheel   510B Apr 10 11:36 top.out
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpk1EMzc
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpmWzWeW
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpzm2q3Y
> -rw-r--r--    1 root   wheel 0B Apr 10 12:02 adobesmuoutpBo8m4d
> -rw-rw-rw-@   1 okale  staff   1.0M Apr 10 16:12 libevent-2.1.8-stable.tar.gz
> drwxr-xr-x@ 165 okale  wheel   5.2K Apr 10 16:19 libevent-2.1.8-stable
> -rw-rw-rw-@   1 okale  staff   447K Apr 10 16:21 memcached-1.5.7.tar.gz
> srwxr-xr-x    1 okale  wheel 0B Apr 10 17:25 SIP-Main
> srwxr-xr-x    1 okale  wheel 0B Apr 10 17:25 SIP-MsgQ
> drwxr-xr-x@ 148 okale  wheel   4.6K Apr 10 18:33 memcached-1.5.7
> OKALE-M-33H5:tmp okale$
>
> Thanks and Regards,Om Kale
>
>
> On Tue, Apr 10, 2018 at 6:41 PM, dormando  wrote:
>   Change:
>
>   $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb 
> -a
>   memcached -c -p testuser
>
>   To:
>
>   $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a
>   memcached -c -p testuser
>
>   SASL_CONF_PATH points to where memcached.conf is. memcached.conf points 
> to
>   memcached-sasl-pwdb via the sasldb_path: line.
>
>   On Tue, 10 Apr 2018, Om Kale wrote:
>
>   > Hi Dormando,
>   > Thanks for the help. I tried the steps you mentioned but end up 
> getting similar error. However, the error is slightly different this
>   time.
>   > Why is it still pointing to '/tmp/memcached-sasl-db' when the 
> SASL_CONF_PATH specifies the location of the db file.
>   >
>   > OKALE-M-33H5:sasl okale$ pwd
>   > /Users/okale/sasl
>   > OKALE-M-33H5:sasl okale$ cat memcached.conf
>   > mech_list: plain
>   > log_level: 5
>   > sasldb_path: /Users/okale/sasl/memcached-sasl-pwdb
>   > OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
>   > OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached 
> -S -v
>   > Reading configuration from: 
>   > Initialized SASL.
>   > mech:  ``PLAIN'' with 26 bytes of data
>   > WARNING: Failed to open sasl database : No 
> such file or directory
>   > SASL (severity 2): Password verification failed
>   > sasl result code:  -20
>   > Unknown sasl response:  -20
>   > ^CSignal handled: Interrupt: 2.
>   > OKALE-M-33H5:sasl okale$
>   > OKALE-M-33H5:sasl okale$
>   > OKALE-M-33H5:sasl okale$
>   >
>   >
>   > On client side:
>   > OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
>   > Set failed: FAILED TO SEND 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
Thanks for your guidance. Meanwhile, reading through the memcached email 
chain, I see someone else also observed something similar but there was no 
solution. The question is how do I create the memcahed-sasl-pwdb file and 
populate it with username and password as the saslpasswd2 doesnt seem to be 
doing it in this case.

https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ



Regards,
Om Kale



On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote:
>
> Yes, that is correct. But if this change is done, then the entry in 
> memcached.conf for sasldb_path should also change to sasldb_path: 
> /tmp/memcached-sasl-pwdb.
> However, if this change is made still it fails. 
>
> OKALE-M-33H5:sasl okale$ cat memcached.conf
> mech_list: plain
> log_level: 5
> sasldb_path: /tmp/memcached-sasl-pwdb
> OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /tmp/memcached-sasl-pwdb -a memcached -c -p testuser
> OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v
> Reading configuration from: 
> Initialized SASL.
> mech:  ``PLAIN'' with 26 bytes of data
> WARNING: Failed to open sasl database : No such 
> file or directory
> SASL (severity 2): Password verification failed
> sasl result code:  -20
> Unknown sasl response:  -20
>
>
>
> The problem is the saslpasswd2 command is not creating the file in the 
> desired location. I am not able to see memcached-sasl-pwdb under /tmp folder
> OKALE-M-33H5:tmp okale$ ls -lrth
> total 2920
> drwxrwxrwx3 root   wheel96B Apr  4 14:42 boost_interprocess
> drwx--3 okale  wheel96B Apr  4 14:43 
> com.apple.launchd.PJzhBv7YpC
> drwx--3 okale  wheel96B Apr  4 14:43 
> com.apple.launchd.KfTcHnvIT3
> drwx--3 okale  wheel96B Apr  4 14:43 
> com.apple.launchd.ha1KS1S42u
> drwx--4 okale  wheel   128B Apr  6 15:44 
> com.apple.installermg8f7zLr
> -rw-r--r--1 root   wheel   111B Apr  9 13:01 progress.log
> drwx--2 okale  wheel64B Apr  9 13:53 
> KSDownloadAction.uWLwKCAAOF
> drwx--2 okale  wheel64B Apr  9 13:53 
> KSOutOfProcessFetcher.3Esze3adI3
> -rw-r--r--1 root   wheel   510B Apr 10 11:36 top.out
> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpk1EMzc
> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpmWzWeW
> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpzm2q3Y
> -rw-r--r--1 root   wheel 0B Apr 10 12:02 adobesmuoutpBo8m4d
> -rw-rw-rw-@   1 okale  staff   1.0M Apr 10 16:12 
> libevent-2.1.8-stable.tar.gz
> drwxr-xr-x@ 165 okale  wheel   5.2K Apr 10 16:19 libevent-2.1.8-stable
> -rw-rw-rw-@   1 okale  staff   447K Apr 10 16:21 memcached-1.5.7.tar.gz
> srwxr-xr-x1 okale  wheel 0B Apr 10 17:25 SIP-Main
> srwxr-xr-x1 okale  wheel 0B Apr 10 17:25 SIP-MsgQ
> drwxr-xr-x@ 148 okale  wheel   4.6K Apr 10 18:33 memcached-1.5.7
> OKALE-M-33H5:tmp okale$
>
> Thanks and Regards,
> Om Kale
>
>
> On Tue, Apr 10, 2018 at 6:41 PM, dormando  wrote:
>
> Change:
>
> $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a
> memcached -c -p testuser
>
> To:
>
> $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a
> memcached -c -p testuser
>
> SASL_CONF_PATH points to where memcached.conf is. memcached.conf points to
> memcached-sasl-pwdb via the sasldb_path: line.
>
> On Tue, 10 Apr 2018, Om Kale wrote:
>
> > Hi Dormando,
> > Thanks for the help. I tried the steps you mentioned but end up getting 
> similar error. However, the error is slightly different this time.
> > Why is it still pointing to '/tmp/memcached-sasl-db' when the 
> SASL_CONF_PATH specifies the location of the db file.
> >
> > OKALE-M-33H5:sasl okale$ pwd
> > /Users/okale/sasl
> > OKALE-M-33H5:sasl okale$ cat memcached.conf
> > mech_list: plain
> > log_level: 5
> > sasldb_path: /Users/okale/sasl/memcached-sasl-pwdb
> > OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
> > OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S 
> -v
> > Reading configuration from: 
> > Initialized SASL.
> > mech:  ``PLAIN'' with 26 bytes of data
> > WARNING: Failed to open sasl database : No such 
> file or directory
> > SASL (severity 2): Password verification failed
> > sasl result code:  -20
> > Unknown sasl response:  -20
> > ^CSignal handled: Interrupt: 2.
> > OKALE-M-33H5:sasl okale$
> > OKALE-M-33H5:sasl okale$
> > OKALE-M-33H5:sasl okale$
> >
> >
> > On client side:
> > OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
> > Set failed: FAILED TO SEND AUTHENTICATION TO SERVER
> > OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass localhost
> > Set failed: AUTHENTICATION FAILURE
> > OKALE-M-33H5:mycode okale$
> >
> >
> > Any idea why?
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> > On Tue, Apr 10, 2018 at 4:38 PM, dormando  wrote:
> >   yes and yes.
> >
> >   

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Change:

$ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a
memcached -c -p testuser

To:

$ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a
memcached -c -p testuser

SASL_CONF_PATH points to where memcached.conf is. memcached.conf points to
memcached-sasl-pwdb via the sasldb_path: line.

On Tue, 10 Apr 2018, Om Kale wrote:

> Hi Dormando,
> Thanks for the help. I tried the steps you mentioned but end up getting 
> similar error. However, the error is slightly different this time.
> Why is it still pointing to '/tmp/memcached-sasl-db' when the SASL_CONF_PATH 
> specifies the location of the db file.
>
> OKALE-M-33H5:sasl okale$ pwd
> /Users/okale/sasl
> OKALE-M-33H5:sasl okale$ cat memcached.conf
> mech_list: plain
> log_level: 5
> sasldb_path: /Users/okale/sasl/memcached-sasl-pwdb
> OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f 
> /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
> OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v
> Reading configuration from: 
> Initialized SASL.
> mech:  ``PLAIN'' with 26 bytes of data
> WARNING: Failed to open sasl database : No such file 
> or directory
> SASL (severity 2): Password verification failed
> sasl result code:  -20
> Unknown sasl response:  -20
> ^CSignal handled: Interrupt: 2.
> OKALE-M-33H5:sasl okale$
> OKALE-M-33H5:sasl okale$
> OKALE-M-33H5:sasl okale$
>
>
> On client side:
> OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
> Set failed: FAILED TO SEND AUTHENTICATION TO SERVER
> OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass localhost
> Set failed: AUTHENTICATION FAILURE
> OKALE-M-33H5:mycode okale$
>
>
> Any idea why?
>
>
>
> Thanks and Regards,Om Kale
>
> On Tue, Apr 10, 2018 at 4:38 PM, dormando  wrote:
>   yes and yes.
>
>   mkdir sasl
>   cd sasl
>   then created memcached.conf
>   I did not create memcached-sasl-pwdb manually. saslpasswd2 made that for
>   me after I passed the -f argument.
>
>   On Tue, 10 Apr 2018, Om Kale wrote:
>
>   > Hi Dormando,
>   > Thanks for the update. I will try this out now. But before this I had 
> one more quick question.
>   > Did you create the sasl folder and memcached.conf manually inside 
> /home/dormando/ ?
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Tue, Apr 10, 2018 at 3:38 PM, dormando  wrote:
>   >       Hey,
>   >
>   >       Was able to authenticate with your tool:
>   >
>   >       $ pwd
>   >       /home/dormando/sasl
>   >       $ cat memcached.conf
>   >       mech_list: plain
>   >       log_level: 5
>   >       sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb
>   >       $ echo testpass | saslpasswd2 -f
>   >       /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p 
> testuser
>   >       $ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v
>   >       INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd 
> database disabled
>   >       Initialized SASL.
>   >       $ ./testsasl testuser testpass 127.0.0.1
>   >       Get/Set success!
>   >
>   >       Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it 
> create the
>   >       entry for you. Your manual passwd DB isn't valid.
>   >
>   >       Without the -f the tool was exiting with "Generic failure" 
> (should've
>   >       asked you what the exit code was earlier, sorry). Strace'ing it 
> showed it
>   >       was trying to open /etc/sasl and write a new file, but I wasn't 
> running as
>   >       root.
>   >
>   >       On Tue, 10 Apr 2018, Om Kale wrote:
>   >
>   >       > Hey Dormando,
>   >       > Today I tried reinstalling memcached from scratch and 
> followed the procedure in the wiki
>   >       > and the points you mentiibed however same issue of 'no secret 
> in database' is still
>   >       > observed.
>   >       >
>   >       > In addition, did the following steps but still no success.
>   >       > 
> https://stackoverflow.com/questions/12919032/can-i-set-username-and-password-on-memcach
>   >       > ed-like-mysql
>   >       >
>   >       >
>   >       > Thanks and Regards,Om Kale
>   >       >
>   >       > On Mon, Apr 9, 2018 at 11:58 PM, dormando 
>  wrote:
>   >       >       Sorry, ran out of time today. will try for earlier 
> tomorrow
>   >       >
>   >       >       On Mon, 9 Apr 2018, Om Kale wrote:
>   >       >
>   >       >       > Hi Dormando,I was just curious to know whether you 
> were able to reproduce
>   >       >       the above
>   >       >       > mentioned issue?
>   >       >       >
>   >       >       > Thanks and Regards,Om Kale
>   >       >       >
>   >       >       > On Mon, Apr 9, 2018 at 12:53 PM, 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
Thanks for the help. I tried the steps you mentioned but end up getting
similar error. However, the error is slightly different this time.
Why is it still pointing to '/tmp/memcached-sasl-db' when the
SASL_CONF_PATH specifies the location of the db file.

OKALE-M-33H5:sasl okale$ pwd
/Users/okale/sasl
OKALE-M-33H5:sasl okale$ cat memcached.conf
mech_list: plain
log_level: 5
sasldb_path: /Users/okale/sasl/memcached-sasl-pwdb
OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f
/Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v
Reading configuration from: 
Initialized SASL.
mech:  ``PLAIN'' with 26 bytes of data
WARNING: Failed to open sasl database : No such
file or directory
SASL (severity 2): Password verification failed
sasl result code:  -20
Unknown sasl response:  -20
^CSignal handled: Interrupt: 2.
OKALE-M-33H5:sasl okale$
OKALE-M-33H5:sasl okale$
OKALE-M-33H5:sasl okale$


On client side:
OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1
Set failed: FAILED TO SEND AUTHENTICATION TO SERVER
OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass localhost
Set failed: AUTHENTICATION FAILURE
OKALE-M-33H5:mycode okale$


Any idea why?



Thanks and Regards,
Om Kale

On Tue, Apr 10, 2018 at 4:38 PM, dormando  wrote:

> yes and yes.
>
> mkdir sasl
> cd sasl
> then created memcached.conf
> I did not create memcached-sasl-pwdb manually. saslpasswd2 made that for
> me after I passed the -f argument.
>
> On Tue, 10 Apr 2018, Om Kale wrote:
>
> > Hi Dormando,
> > Thanks for the update. I will try this out now. But before this I had
> one more quick question.
> > Did you create the sasl folder and memcached.conf manually inside
> /home/dormando/ ?
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Tue, Apr 10, 2018 at 3:38 PM, dormando  wrote:
> >   Hey,
> >
> >   Was able to authenticate with your tool:
> >
> >   $ pwd
> >   /home/dormando/sasl
> >   $ cat memcached.conf
> >   mech_list: plain
> >   log_level: 5
> >   sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb
> >   $ echo testpass | saslpasswd2 -f
> >   /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p
> testuser
> >   $ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v
> >   INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd database
> disabled
> >   Initialized SASL.
> >   $ ./testsasl testuser testpass 127.0.0.1
> >   Get/Set success!
> >
> >   Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it
> create the
> >   entry for you. Your manual passwd DB isn't valid.
> >
> >   Without the -f the tool was exiting with "Generic failure"
> (should've
> >   asked you what the exit code was earlier, sorry). Strace'ing it
> showed it
> >   was trying to open /etc/sasl and write a new file, but I wasn't
> running as
> >   root.
> >
> >   On Tue, 10 Apr 2018, Om Kale wrote:
> >
> >   > Hey Dormando,
> >   > Today I tried reinstalling memcached from scratch and followed
> the procedure in the wiki
> >   > and the points you mentiibed however same issue of 'no secret in
> database' is still
> >   > observed.
> >   >
> >   > In addition, did the following steps but still no success.
> >   > https://stackoverflow.com/questions/12919032/can-i-set-
> username-and-password-on-memcach
> >   > ed-like-mysql
> >   >
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   > On Mon, Apr 9, 2018 at 11:58 PM, dormando 
> wrote:
> >   >   Sorry, ran out of time today. will try for earlier tomorrow
> >   >
> >   >   On Mon, 9 Apr 2018, Om Kale wrote:
> >   >
> >   >   > Hi Dormando,I was just curious to know whether you were
> able to reproduce
> >   >   the above
> >   >   > mentioned issue?
> >   >   >
> >   >   > Thanks and Regards,Om Kale
> >   >   >
> >   >   > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale <
> omkal...@gmail.com> wrote:
> >   >   >   Yes, that will be very helpful Dormando. I agree,
> might be missing
> >   >   >   something.
> >   >   > The points where I think I might be going wrong are as
> follows:
> >   >   >
> >   >   > 1. The exact location and contents of memcached.conf and
> the sasl db file
> >   >   -
> >   >   > memcached-sasl-pwdb (and the interaction between the
> two).
> >   >   > As per my understanding, SASL_CONF_PATH, tells the
> memcached server where
> >   >   to read
> >   >   > the file from and then the line sasldb_path in the conf
> file tells the
> >   >   server
> >   >   > where to get the sasl db file for username:password
> authentication. I feel
> >   >   this
> >   >   > linkage is 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

yes and yes.

mkdir sasl
cd sasl
then created memcached.conf
I did not create memcached-sasl-pwdb manually. saslpasswd2 made that for
me after I passed the -f argument.

On Tue, 10 Apr 2018, Om Kale wrote:

> Hi Dormando,
> Thanks for the update. I will try this out now. But before this I had one 
> more quick question.
> Did you create the sasl folder and memcached.conf manually inside 
> /home/dormando/ ?
>
>
> Thanks and Regards,Om Kale
>
>
> On Tue, Apr 10, 2018 at 3:38 PM, dormando  wrote:
>   Hey,
>
>   Was able to authenticate with your tool:
>
>   $ pwd
>   /home/dormando/sasl
>   $ cat memcached.conf
>   mech_list: plain
>   log_level: 5
>   sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb
>   $ echo testpass | saslpasswd2 -f
>   /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
>   $ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v
>   INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd database 
> disabled
>   Initialized SASL.
>   $ ./testsasl testuser testpass 127.0.0.1
>   Get/Set success!
>
>   Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it create 
> the
>   entry for you. Your manual passwd DB isn't valid.
>
>   Without the -f the tool was exiting with "Generic failure" (should've
>   asked you what the exit code was earlier, sorry). Strace'ing it showed 
> it
>   was trying to open /etc/sasl and write a new file, but I wasn't running 
> as
>   root.
>
>   On Tue, 10 Apr 2018, Om Kale wrote:
>
>   > Hey Dormando,
>   > Today I tried reinstalling memcached from scratch and followed the 
> procedure in the wiki
>   > and the points you mentiibed however same issue of 'no secret in 
> database' is still
>   > observed.
>   >
>   > In addition, did the following steps but still no success.
>   > 
> https://stackoverflow.com/questions/12919032/can-i-set-username-and-password-on-memcach
>   > ed-like-mysql
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   > On Mon, Apr 9, 2018 at 11:58 PM, dormando  wrote:
>   >       Sorry, ran out of time today. will try for earlier tomorrow
>   >
>   >       On Mon, 9 Apr 2018, Om Kale wrote:
>   >
>   >       > Hi Dormando,I was just curious to know whether you were able 
> to reproduce
>   >       the above
>   >       > mentioned issue?
>   >       >
>   >       > Thanks and Regards,Om Kale
>   >       >
>   >       > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale  
> wrote:
>   >       >       Yes, that will be very helpful Dormando. I agree, might 
> be missing
>   >       >       something.
>   >       > The points where I think I might be going wrong are as 
> follows:
>   >       >
>   >       > 1. The exact location and contents of memcached.conf and the 
> sasl db file
>   >       -
>   >       > memcached-sasl-pwdb (and the interaction between the two).
>   >       > As per my understanding, SASL_CONF_PATH, tells the memcached 
> server where
>   >       to read
>   >       > the file from and then the line sasldb_path in the conf file 
> tells the
>   >       server
>   >       > where to get the sasl db file for username:password 
> authentication. I feel
>   >       this
>   >       > linkage is not happening correctly in my case.
>   >       >
>   >       > 2. Is the sasl db file generated on its own when I run the 
> server? If yes,
>   >       do we
>   >       > need to add command line parameters while running the 
> memcached server for
>   >       this to
>   >       > happen. (FYI: I have configured --enable-sasl-pwdb while 
> running
>   >       configure)
>   >       >
>   >       > The main problem I am facing right now is memcached-sasl-pwdb 
> is not
>   >       getting
>   >       > created and populated on its own.
>   >       > Please do let me know the outcome once you try to reproduce 
> it. I am
>   >       cuurently
>   >       > using MAC-OS high Sierra.
>   >       >
>   >       > Thanks and Regards,Om Kale
>   >       >
>   >       >
>   >       > On Mon, Apr 9, 2018 at 12:28 PM, dormando 
>  wrote:
>   >       >       Hey,
>   >       >
>   >       >       I'll try to reproduce this today. I have a feeling 
> you're skipping
>   >       >       some
>   >       >       steps but it's definitely a confusing process...
>   >       >
>   >       >       On Mon, 9 Apr 2018, Om Kale wrote:
>   >       >
>   >       >       > Currently my set up is as follows:
>   >       >       > 1. My memcached.conf exists at
>   >       >       /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
>   >       >       > 2. The memcached server on starting reads 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
Thanks for the update. I will try this out now. But before this I had one
more quick question.
Did you create the sasl folder and memcached.conf manually inside
/home/dormando/ ?


Thanks and Regards,
Om Kale


On Tue, Apr 10, 2018 at 3:38 PM, dormando  wrote:

> Hey,
>
> Was able to authenticate with your tool:
>
> $ pwd
> /home/dormando/sasl
> $ cat memcached.conf
> mech_list: plain
> log_level: 5
> sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb
> $ echo testpass | saslpasswd2 -f
> /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
> $ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v
> INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd database disabled
> Initialized SASL.
> $ ./testsasl testuser testpass 127.0.0.1
> Get/Set success!
>
> Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it create the
> entry for you. Your manual passwd DB isn't valid.
>
> Without the -f the tool was exiting with "Generic failure" (should've
> asked you what the exit code was earlier, sorry). Strace'ing it showed it
> was trying to open /etc/sasl and write a new file, but I wasn't running as
> root.
>
> On Tue, 10 Apr 2018, Om Kale wrote:
>
> > Hey Dormando,
> > Today I tried reinstalling memcached from scratch and followed the
> procedure in the wiki
> > and the points you mentiibed however same issue of 'no secret in
> database' is still
> > observed.
> >
> > In addition, did the following steps but still no success.
> > https://stackoverflow.com/questions/12919032/can-i-set-
> username-and-password-on-memcach
> > ed-like-mysql
> >
> >
> > Thanks and Regards,Om Kale
> >
> > On Mon, Apr 9, 2018 at 11:58 PM, dormando  wrote:
> >   Sorry, ran out of time today. will try for earlier tomorrow
> >
> >   On Mon, 9 Apr 2018, Om Kale wrote:
> >
> >   > Hi Dormando,I was just curious to know whether you were able to
> reproduce
> >   the above
> >   > mentioned issue?
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale 
> wrote:
> >   >   Yes, that will be very helpful Dormando. I agree, might be
> missing
> >   >   something.
> >   > The points where I think I might be going wrong are as follows:
> >   >
> >   > 1. The exact location and contents of memcached.conf and the
> sasl db file
> >   -
> >   > memcached-sasl-pwdb (and the interaction between the two).
> >   > As per my understanding, SASL_CONF_PATH, tells the memcached
> server where
> >   to read
> >   > the file from and then the line sasldb_path in the conf file
> tells the
> >   server
> >   > where to get the sasl db file for username:password
> authentication. I feel
> >   this
> >   > linkage is not happening correctly in my case.
> >   >
> >   > 2. Is the sasl db file generated on its own when I run the
> server? If yes,
> >   do we
> >   > need to add command line parameters while running the memcached
> server for
> >   this to
> >   > happen. (FYI: I have configured --enable-sasl-pwdb while running
> >   configure)
> >   >
> >   > The main problem I am facing right now is memcached-sasl-pwdb is
> not
> >   getting
> >   > created and populated on its own.
> >   > Please do let me know the outcome once you try to reproduce it.
> I am
> >   cuurently
> >   > using MAC-OS high Sierra.
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   >
> >   > On Mon, Apr 9, 2018 at 12:28 PM, dormando 
> wrote:
> >   >   Hey,
> >   >
> >   >   I'll try to reproduce this today. I have a feeling you're
> skipping
> >   >   some
> >   >   steps but it's definitely a confusing process...
> >   >
> >   >   On Mon, 9 Apr 2018, Om Kale wrote:
> >   >
> >   >   > Currently my set up is as follows:
> >   >   > 1. My memcached.conf exists at
> >   >   /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> >   >   > 2. The memcached server on starting reads from this file
> as shown
> >   in
> >   >   the log:
> >   >   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> >   >   > Reading configuration from:
> >   >
> > memcached.conf>
> >   >   > Initialized SASL.
> >   >   > 3. The contents of the memcached.conf are:
> >   >   > mech_list: plain
> >   >   > log_level: 5
> >   >   > sasldb_path:
> >   >
> >/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> memcached-sasl-pwdb
> >   >   > 4. The memcached-sasl-pwdb is located
> >   >   at /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> and has the
> >   >   line:
> >   >   > (I am adding this line manually as the command 'echo
> "testpass" |
> >   >   

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

Was able to authenticate with your tool:

$ pwd
/home/dormando/sasl
$ cat memcached.conf
mech_list: plain
log_level: 5
sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb
$ echo testpass | saslpasswd2 -f
/home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
$ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v
INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd database disabled
Initialized SASL.
$ ./testsasl testuser testpass 127.0.0.1
Get/Set success!

Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it create the
entry for you. Your manual passwd DB isn't valid.

Without the -f the tool was exiting with "Generic failure" (should've
asked you what the exit code was earlier, sorry). Strace'ing it showed it
was trying to open /etc/sasl and write a new file, but I wasn't running as
root.

On Tue, 10 Apr 2018, Om Kale wrote:

> Hey Dormando,
> Today I tried reinstalling memcached from scratch and followed the procedure 
> in the wiki
> and the points you mentiibed however same issue of 'no secret in database' is 
> still
> observed.
>
> In addition, did the following steps but still no success.
> https://stackoverflow.com/questions/12919032/can-i-set-username-and-password-on-memcach
> ed-like-mysql
>
>
> Thanks and Regards,Om Kale
>
> On Mon, Apr 9, 2018 at 11:58 PM, dormando  wrote:
>   Sorry, ran out of time today. will try for earlier tomorrow
>
>   On Mon, 9 Apr 2018, Om Kale wrote:
>
>   > Hi Dormando,I was just curious to know whether you were able to 
> reproduce
>   the above
>   > mentioned issue?
>   >
>   > Thanks and Regards,Om Kale
>   >
>   > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale  wrote:
>   >       Yes, that will be very helpful Dormando. I agree, might be 
> missing
>   >       something.
>   > The points where I think I might be going wrong are as follows:
>   >
>   > 1. The exact location and contents of memcached.conf and the sasl db 
> file
>   -
>   > memcached-sasl-pwdb (and the interaction between the two).
>   > As per my understanding, SASL_CONF_PATH, tells the memcached server 
> where
>   to read
>   > the file from and then the line sasldb_path in the conf file tells the
>   server
>   > where to get the sasl db file for username:password authentication. I 
> feel
>   this
>   > linkage is not happening correctly in my case.
>   >
>   > 2. Is the sasl db file generated on its own when I run the server? If 
> yes,
>   do we
>   > need to add command line parameters while running the memcached 
> server for
>   this to
>   > happen. (FYI: I have configured --enable-sasl-pwdb while running
>   configure)
>   >
>   > The main problem I am facing right now is memcached-sasl-pwdb is not
>   getting
>   > created and populated on its own.
>   > Please do let me know the outcome once you try to reproduce it. I am
>   cuurently
>   > using MAC-OS high Sierra.
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Mon, Apr 9, 2018 at 12:28 PM, dormando  wrote:
>   >       Hey,
>   >
>   >       I'll try to reproduce this today. I have a feeling you're 
> skipping
>   >       some
>   >       steps but it's definitely a confusing process...
>   >
>   >       On Mon, 9 Apr 2018, Om Kale wrote:
>   >
>   >       > Currently my set up is as follows:
>   >       > 1. My memcached.conf exists at
>   >       /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
>   >       > 2. The memcached server on starting reads from this file as 
> shown
>   in
>   >       the log:
>   >       > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>   >       > Reading configuration from:
>   >     
>    
>   >       > Initialized SASL.
>   >       > 3. The contents of the memcached.conf are:
>   >       > mech_list: plain
>   >       > log_level: 5
>   >       > sasldb_path:
>   >     
>    
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
>   >       > 4. The memcached-sasl-pwdb is located
>   >       at /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ and 
> has the
>   >       line:
>   >       > (I am adding this line manually as the command 'echo 
> "testpass" |
>   >       saslpasswd2 -a memcached -c -p testuser' is not creating the 
> file
>   and
>   >       adding the
>   >       > content in it)
>   >       > ok:hello
>   >       >
>   >       > However, I still see same error on server side:
>   >       > mech:  ``SRP'' with 15 bytes of data
>   >       > SASL (severity 2): no secret in database
>   >       > sasl result code:  -4
>   >       > Unknown sasl response:  -4
>   >       >
>   >       > Also on client side, I still see:

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hey Dormando,
Today I tried reinstalling memcached from scratch and followed the
procedure in the wiki and the points you mentiibed however same issue of
'no secret in database' is still observed.

In addition, did the following steps but still no success.
https://stackoverflow.com/questions/12919032/can-i-set-username-and-password-on-memcached-like-mysql


Thanks and Regards,
Om Kale

On Mon, Apr 9, 2018 at 11:58 PM, dormando  wrote:

> Sorry, ran out of time today. will try for earlier tomorrow
>
> On Mon, 9 Apr 2018, Om Kale wrote:
>
> > Hi Dormando,I was just curious to know whether you were able to
> reproduce the above
> > mentioned issue?
> >
> > Thanks and Regards,Om Kale
> >
> > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale  wrote:
> >   Yes, that will be very helpful Dormando. I agree, might be missing
> >   something.
> > The points where I think I might be going wrong are as follows:
> >
> > 1. The exact location and contents of memcached.conf and the sasl db
> file -
> > memcached-sasl-pwdb (and the interaction between the two).
> > As per my understanding, SASL_CONF_PATH, tells the memcached server
> where to read
> > the file from and then the line sasldb_path in the conf file tells the
> server
> > where to get the sasl db file for username:password authentication. I
> feel this
> > linkage is not happening correctly in my case.
> >
> > 2. Is the sasl db file generated on its own when I run the server? If
> yes, do we
> > need to add command line parameters while running the memcached server
> for this to
> > happen. (FYI: I have configured --enable-sasl-pwdb while running
> configure)
> >
> > The main problem I am facing right now is memcached-sasl-pwdb is not
> getting
> > created and populated on its own.
> > Please do let me know the outcome once you try to reproduce it. I am
> cuurently
> > using MAC-OS high Sierra.
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Mon, Apr 9, 2018 at 12:28 PM, dormando  wrote:
> >   Hey,
> >
> >   I'll try to reproduce this today. I have a feeling you're skipping
> >   some
> >   steps but it's definitely a confusing process...
> >
> >   On Mon, 9 Apr 2018, Om Kale wrote:
> >
> >   > Currently my set up is as follows:
> >   > 1. My memcached.conf exists at
> >   /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> >   > 2. The memcached server on starting reads from this file as
> shown in
> >   the log:
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> >   > Reading configuration from:
> >
>  
> >   > Initialized SASL.
> >   > 3. The contents of the memcached.conf are:
> >   > mech_list: plain
> >   > log_level: 5
> >   > sasldb_path:
> >
>  /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
> >   > 4. The memcached-sasl-pwdb is located
> >   at /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ and has
> the
> >   line:
> >   > (I am adding this line manually as the command 'echo "testpass" |
> >   saslpasswd2 -a memcached -c -p testuser' is not creating the file
> and
> >   adding the
> >   > content in it)
> >   > ok:hello
> >   >
> >   > However, I still see same error on server side:
> >   > mech:  ``SRP'' with 15 bytes of data
> >   > SASL (severity 2): no secret in database
> >   > sasl result code:  -4
> >   > Unknown sasl response:  -4
> >   >
> >   > Also on client side, I still see:
> >   > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> >   > Set failed: AUTHENTICATION FAILURE
> >   >
> >   >
> >   > One more question is:
> >   > Is there any additional info to be provided while starting the
> >   memcached server itself?
> >   >
> > > Thanks and Regards,Om Kale
> > >
> > >
> > > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale  wrote:
> > >   Hey Dormando,
> > > I do not see the memcached-sasl-pwdb created and the password added in
> it.
> > > The steps are same as above.
> > > Also, is there a specific location where memcached.conf and the sasl db
> > file: memcached-sasl-pwdb, need to be put?
> > > I do not see the memcached-sasl-pwdb created automatically. Also the
> > memcached.conf is located at t/sasl/memcached.conf, do I need to make the
> > > modification in this file to point to sasl db or can I create my own
> > memcached.conf at another location?
> > >
> > >
> > >
> > >
> > > Thanks and Regards,Om Kale
> > >
> > >
> > > On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:
> > >   Hey,
> > >
> > >   Did the memcached-sasl-pwdb file get created and is there a line
> in
> > it?
> > >
> > >   On Fri, 6 Apr 2018, Om Kale wrote:
> > >
> > >   > Got it. I see the line you mentioned in the test code.
> > >   > I executed the following steps but still see same issue. (I ran
> > ./configure after the echo 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Sorry, ran out of time today. will try for earlier tomorrow

On Mon, 9 Apr 2018, Om Kale wrote:

> Hi Dormando,I was just curious to know whether you were able to reproduce the 
> above
> mentioned issue?
>
> Thanks and Regards,Om Kale
>
> On Mon, Apr 9, 2018 at 12:53 PM, Om Kale  wrote:
>   Yes, that will be very helpful Dormando. I agree, might be missing
>   something.
> The points where I think I might be going wrong are as follows:
>
> 1. The exact location and contents of memcached.conf and the sasl db file -
> memcached-sasl-pwdb (and the interaction between the two).
> As per my understanding, SASL_CONF_PATH, tells the memcached server where to 
> read
> the file from and then the line sasldb_path in the conf file tells the server
> where to get the sasl db file for username:password authentication. I feel 
> this
> linkage is not happening correctly in my case.
>
> 2. Is the sasl db file generated on its own when I run the server? If yes, do 
> we
> need to add command line parameters while running the memcached server for 
> this to
> happen. (FYI: I have configured --enable-sasl-pwdb while running configure)
>
> The main problem I am facing right now is memcached-sasl-pwdb is not getting
> created and populated on its own.
> Please do let me know the outcome once you try to reproduce it. I am cuurently
> using MAC-OS high Sierra.
>
> Thanks and Regards,Om Kale
>
>
> On Mon, Apr 9, 2018 at 12:28 PM, dormando  wrote:
>   Hey,
>
>   I'll try to reproduce this today. I have a feeling you're skipping
>   some
>   steps but it's definitely a confusing process...
>
>   On Mon, 9 Apr 2018, Om Kale wrote:
>
>   > Currently my set up is as follows:
>   > 1. My memcached.conf exists at
>   /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
>   > 2. The memcached server on starting reads from this file as shown in
>   the log:
>   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>   > Reading configuration from:
>   
>   > Initialized SASL.
>   > 3. The contents of the memcached.conf are:
>   > mech_list: plain
>   > log_level: 5
>   > sasldb_path:
>   /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
>   > 4. The memcached-sasl-pwdb is located
>   at /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ and has the
>   line:
>   > (I am adding this line manually as the command 'echo "testpass" |
>   saslpasswd2 -a memcached -c -p testuser' is not creating the file and
>   adding the
>   > content in it)
>   > ok:hello
>   >
>   > However, I still see same error on server side:
>   > mech:  ``SRP'' with 15 bytes of data
>   > SASL (severity 2): no secret in database
>   > sasl result code:  -4
>   > Unknown sasl response:  -4
>   >
>   > Also on client side, I still see:
>   > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>   > Set failed: AUTHENTICATION FAILURE
>   >
>   >
>   > One more question is:
>   > Is there any additional info to be provided while starting the
>   memcached server itself?
>   >
> > Thanks and Regards,Om Kale
> >
> >
> > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale  wrote:
> >       Hey Dormando,
> > I do not see the memcached-sasl-pwdb created and the password added in it.
> > The steps are same as above.
> > Also, is there a specific location where memcached.conf and the sasl db
> file: memcached-sasl-pwdb, need to be put?
> > I do not see the memcached-sasl-pwdb created automatically. Also the
> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
> > modification in this file to point to sasl db or can I create my own
> memcached.conf at another location?
> >
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:
> >       Hey,
> >
> >       Did the memcached-sasl-pwdb file get created and is there a line in
> it?
> >
> >       On Fri, 6 Apr 2018, Om Kale wrote:
> >
> >       > Got it. I see the line you mentioned in the test code.
> >       > I executed the following steps but still see same issue. (I ran
> ./configure after the echo command)
> >       >
> >       >
> >       > Here are the steps:
> >       >
> >       > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a
> memcached -c -p ok
> >       > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i
> 'memcached.conf'
> >       > -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
> >       > OKALE-M-33H5:memcached-1.5.7 okale$
> >       > OKALE-M-33H5:memcached-1.5.7 okale$
> >       > OKALE-M-33H5:memcached-1.5.7 okale$
> >       > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> >       > mech_list: plain
> >       > log_level: 5
> >       > sasldb_path:
> 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
I was just curious to know whether you were able to reproduce the above
mentioned issue?

Thanks and Regards,
Om Kale

On Mon, Apr 9, 2018 at 12:53 PM, Om Kale  wrote:

> Yes, that will be very helpful Dormando. I agree, might be missing
> something.
> The points where I think I might be going wrong are as follows:
>
> 1. The exact location and contents of memcached.conf and the sasl db file
> - memcached-sasl-pwdb (and the interaction between the two).
> As per my understanding, SASL_CONF_PATH, tells the memcached server where
> to read the file from and then the line sasldb_path in the conf file tells
> the server where to get the sasl db file for username:password
> authentication. I feel this linkage is not happening correctly in my case.
>
> 2. Is the sasl db file generated on its own when I run the server? If yes,
> do we need to add command line parameters while running the memcached
> server for this to happen. (FYI: I have configured --enable-sasl-pwdb while
> running configure)
>
> The main problem I am facing right now is memcached-sasl-pwdb is not
> getting created and populated on its own.
> Please do let me know the outcome once you try to reproduce it. I am
> cuurently using MAC-OS high Sierra.
>
> Thanks and Regards,
> Om Kale
>
>
> On Mon, Apr 9, 2018 at 12:28 PM, dormando  wrote:
>
>> Hey,
>>
>> I'll try to reproduce this today. I have a feeling you're skipping some
>> steps but it's definitely a confusing process...
>>
>> On Mon, 9 Apr 2018, Om Kale wrote:
>>
>> > Currently my set up is as follows:
>> > 1. My memcached.conf exists at /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/
>> > 2. The memcached server on starting reads from this file as shown in
>> the log:
>> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>> > Reading configuration from: > omebrew/memcached-1.5.7/memcached.conf>
>> > Initialized SASL.
>> > 3. The contents of the memcached.conf are:
>> > mech_list: plain
>> > log_level: 5
>> > sasldb_path: /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> > 4. The memcached-sasl-pwdb is located at 
>> > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
>> and has the line:
>> > (I am adding this line manually as the command 'echo "testpass" |
>> saslpasswd2 -a memcached -c -p testuser' is not creating the file and
>> adding the
>> > content in it)
>> > ok:hello
>> >
>> > However, I still see same error on server side:
>> > mech:  ``SRP'' with 15 bytes of data
>> > SASL (severity 2): no secret in database
>> > sasl result code:  -4
>> > Unknown sasl response:  -4
>> >
>> > Also on client side, I still see:
>> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>> > Set failed: AUTHENTICATION FAILURE
>> >
>> >
>> > One more question is:
>> > Is there any additional info to be provided while starting the
>> memcached server itself?
>> >
>> > Thanks and Regards,Om Kale
>> >
>> >
>> > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale  wrote:
>> >   Hey Dormando,
>> > I do not see the memcached-sasl-pwdb created and the password added in
>> it.
>> > The steps are same as above.
>> > Also, is there a specific location where memcached.conf and the sasl db
>> file: memcached-sasl-pwdb, need to be put?
>> > I do not see the memcached-sasl-pwdb created automatically. Also the
>> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
>> > modification in this file to point to sasl db or can I create my own
>> memcached.conf at another location?
>> >
>> >
>> >
>> >
>> > Thanks and Regards,Om Kale
>> >
>> >
>> > On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:
>> >   Hey,
>> >
>> >   Did the memcached-sasl-pwdb file get created and is there a line
>> in it?
>> >
>> >   On Fri, 6 Apr 2018, Om Kale wrote:
>> >
>> >   > Got it. I see the line you mentioned in the test code.
>> >   > I executed the following steps but still see same issue. (I ran
>> ./configure after the echo command)
>> >   >
>> >   >
>> >   > Here are the steps:
>> >   >
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2
>> -a memcached -c -p ok
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i
>> 'memcached.conf'
>> >   > -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>> >   > mech_list: plain
>> >   > log_level: 5
>> >   > sasldb_path: /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$
>> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>> >   > Reading configuration from: > 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Yes, that will be very helpful Dormando. I agree, might be missing
something.
The points where I think I might be going wrong are as follows:

1. The exact location and contents of memcached.conf and the sasl db file -
memcached-sasl-pwdb (and the interaction between the two).
As per my understanding, SASL_CONF_PATH, tells the memcached server where
to read the file from and then the line sasldb_path in the conf file tells
the server where to get the sasl db file for username:password
authentication. I feel this linkage is not happening correctly in my case.

2. Is the sasl db file generated on its own when I run the server? If yes,
do we need to add command line parameters while running the memcached
server for this to happen. (FYI: I have configured --enable-sasl-pwdb while
running configure)

The main problem I am facing right now is memcached-sasl-pwdb is not
getting created and populated on its own.
Please do let me know the outcome once you try to reproduce it. I am
cuurently using MAC-OS high Sierra.

Thanks and Regards,
Om Kale


On Mon, Apr 9, 2018 at 12:28 PM, dormando  wrote:

> Hey,
>
> I'll try to reproduce this today. I have a feeling you're skipping some
> steps but it's definitely a confusing process...
>
> On Mon, 9 Apr 2018, Om Kale wrote:
>
> > Currently my set up is as follows:
> > 1. My memcached.conf exists at /Users/okale/Library/Caches/
> Homebrew/memcached-1.5.7/
> > 2. The memcached server on starting reads from this file as shown in the
> log:
> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> > Reading configuration from:  Homebrew/memcached-1.5.7/memcached.conf>
> > Initialized SASL.
> > 3. The contents of the memcached.conf are:
> > mech_list: plain
> > log_level: 5
> > sasldb_path: /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> memcached-sasl-pwdb
> > 4. The memcached-sasl-pwdb is located at /Users/okale/Library/
> Caches/Homebrew/memcached-1.5.7/ and has the line:
> > (I am adding this line manually as the command 'echo "testpass" |
> saslpasswd2 -a memcached -c -p testuser' is not creating the file and
> adding the
> > content in it)
> > ok:hello
> >
> > However, I still see same error on server side:
> > mech:  ``SRP'' with 15 bytes of data
> > SASL (severity 2): no secret in database
> > sasl result code:  -4
> > Unknown sasl response:  -4
> >
> > Also on client side, I still see:
> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> > Set failed: AUTHENTICATION FAILURE
> >
> >
> > One more question is:
> > Is there any additional info to be provided while starting the memcached
> server itself?
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale  wrote:
> >   Hey Dormando,
> > I do not see the memcached-sasl-pwdb created and the password added in
> it.
> > The steps are same as above.
> > Also, is there a specific location where memcached.conf and the sasl db
> file: memcached-sasl-pwdb, need to be put?
> > I do not see the memcached-sasl-pwdb created automatically. Also the
> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
> > modification in this file to point to sasl db or can I create my own
> memcached.conf at another location?
> >
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:
> >   Hey,
> >
> >   Did the memcached-sasl-pwdb file get created and is there a line
> in it?
> >
> >   On Fri, 6 Apr 2018, Om Kale wrote:
> >
> >   > Got it. I see the line you mentioned in the test code.
> >   > I executed the following steps but still see same issue. (I ran
> ./configure after the echo command)
> >   >
> >   >
> >   > Here are the steps:
> >   >
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2
> -a memcached -c -p ok
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i
> 'memcached.conf'
> >   > -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
> >   > OKALE-M-33H5:memcached-1.5.7 okale$
> >   > OKALE-M-33H5:memcached-1.5.7 okale$
> >   > OKALE-M-33H5:memcached-1.5.7 okale$
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> >   > mech_list: plain
> >   > log_level: 5
> >   > sasldb_path: /Users/okale/Library/Caches/
> Homebrew/memcached-1.5.7/memcached-sasl-pwdb
> >   > OKALE-M-33H5:memcached-1.5.7 okale$
> >   > OKALE-M-33H5:memcached-1.5.7 okale$
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> >   > Reading configuration from:  Homebrew/memcached-1.5.7/memcached.conf>
> >   > Initialized SASL.
> >   > mech:  ``SRP'' with 15 bytes of data
> >   > SASL (severity 2): no secret in database
> >   > sasl result code:  -4
> >   > Unknown sasl response:  -4
> >   >
> >   >
> >   >
> >   > Client side:
> >   > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

I'll try to reproduce this today. I have a feeling you're skipping some
steps but it's definitely a confusing process...

On Mon, 9 Apr 2018, Om Kale wrote:

> Currently my set up is as follows:
> 1. My memcached.conf exists at 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> 2. The memcached server on starting reads from this file as shown in the log:
> OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> Reading configuration from: 
> 
> Initialized SASL.
> 3. The contents of the memcached.conf are:
> mech_list: plain
> log_level: 5
> sasldb_path: 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
> 4. The memcached-sasl-pwdb is located at 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ and has the line:
> (I am adding this line manually as the command 'echo "testpass" | saslpasswd2 
> -a memcached -c -p testuser' is not creating the file and adding the
> content in it)
> ok:hello
>
> However, I still see same error on server side:
> mech:  ``SRP'' with 15 bytes of data
> SASL (severity 2): no secret in database
> sasl result code:  -4
> Unknown sasl response:  -4
>
> Also on client side, I still see:
> OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> Set failed: AUTHENTICATION FAILURE
>
>
> One more question is:
> Is there any additional info to be provided while starting the memcached 
> server itself?
>
> Thanks and Regards,Om Kale
>
>
> On Mon, Apr 9, 2018 at 10:35 AM, Om Kale  wrote:
>   Hey Dormando,
> I do not see the memcached-sasl-pwdb created and the password added in it.
> The steps are same as above.
> Also, is there a specific location where memcached.conf and the sasl db file: 
> memcached-sasl-pwdb, need to be put?
> I do not see the memcached-sasl-pwdb created automatically. Also the 
> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
> modification in this file to point to sasl db or can I create my own 
> memcached.conf at another location?
>
>
>
>
> Thanks and Regards,Om Kale
>
>
> On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:
>   Hey,
>
>   Did the memcached-sasl-pwdb file get created and is there a line in it?
>
>   On Fri, 6 Apr 2018, Om Kale wrote:
>
>   > Got it. I see the line you mentioned in the test code.
>   > I executed the following steps but still see same issue. (I ran 
> ./configure after the echo command)
>   >
>   >
>   > Here are the steps:
>   >
>   > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a 
> memcached -c -p ok
>   > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 
> 'memcached.conf'
>   > -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
>   > OKALE-M-33H5:memcached-1.5.7 okale$
>   > OKALE-M-33H5:memcached-1.5.7 okale$
>   > OKALE-M-33H5:memcached-1.5.7 okale$
>   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>   > mech_list: plain
>   > log_level: 5
>   > sasldb_path: 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
>   > OKALE-M-33H5:memcached-1.5.7 okale$
>   > OKALE-M-33H5:memcached-1.5.7 okale$
>   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>   > Reading configuration from: 
> 
>   > Initialized SASL.
>   > mech:  ``SRP'' with 15 bytes of data
>   > SASL (severity 2): no secret in database
>   > sasl result code:  -4
>   > Unknown sasl response:  -4
>   >
>   >
>   >
>   > Client side:
>   > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>   > Set failed: AUTHENTICATION FAILURE
>   > OKALE-M-33H5:mycode okale$
>   >
>   >
>   >
>   > Is there a specific location where memcached.conf and the sasl db 
> file: memcached-sasl-pwdb, need to be put?
>   >
>   >
>   >
>   >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 3:54 PM, dormando  wrote:
> >       Read the 30 lines around where I said, not just that line.
> >
> >       though I guess it's just:
> >
> >       system("echo testpass | $saslpasswd_path -a memcached -c -p 
> >testuser");
> >
> >       so that means:
> >
> >       echo "testpass" | saslpasswd2 -a memcached -c -p testuser
> >       if you run that from the same directory as your memcached.conf (or 
> >use -f
> >       to point to it?), it should create the file properly.
> >
> >       I'm saying to use the tool instead of just putting the 
> >username/password
> >       into the file, and also using the sasldb_path: argument in 
> >memcached.conf
> >       to point to the sasldb, instead of the environment variable.
> >
> >       On Fri, 6 Apr 2018, Om Kale wrote:
> >
> >       > Hey Dormando,
> >       > Ok. When I look at the 't/binary-sasl.t' and search for the section 
> >you mentioned,
> >       > I see this:
> >       >
> >       > # Build the auth DB for testing.
> >       >
> >       > my 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Currently my set up is as follows:
1. My memcached.conf exists at /Users/okale/Library/Caches/
Homebrew/memcached-1.5.7/
2. The memcached server on starting reads from this file as shown in the
log:
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from: 
Initialized SASL.
3. The contents of the memcached.conf are:
mech_list: plain
log_level: 5
sasldb_path: /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
memcached-sasl-pwdb
4. The memcached-sasl-pwdb is located at /Users/okale/Library/Caches/
Homebrew/memcached-1.5.7/ and has the line:
(I am adding this line manually as the command 'echo "testpass" |
saslpasswd2 -a memcached -c -p testuser' is not creating the file and
adding the content in it)
ok:hello

However, I still see same error on server side:
mech:  ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code:  -4
Unknown sasl response:  -4

Also on client side, I still see:
OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE


One more question is:
Is there any additional info to be provided while starting the memcached
server itself?

Thanks and Regards,
Om Kale


On Mon, Apr 9, 2018 at 10:35 AM, Om Kale  wrote:

> Hey Dormando,
> I do not see the memcached-sasl-pwdb created and the password added in it.
> The steps are same as above.
> Also, is there a specific location where memcached.conf and the sasl db
> file: memcached-sasl-pwdb, need to be put?
> I do not see the memcached-sasl-pwdb created automatically. Also the
> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
> modification in this file to point to sasl db or can I create my own
> memcached.conf at another location?
>
>
>
>
> Thanks and Regards,
> Om Kale
>
>
> On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:
>
>> Hey,
>>
>> Did the memcached-sasl-pwdb file get created and is there a line in it?
>>
>> On Fri, 6 Apr 2018, Om Kale wrote:
>>
>> > Got it. I see the line you mentioned in the test code.
>> > I executed the following steps but still see same issue. (I ran
>> ./configure after the echo command)
>> >
>> >
>> > Here are the steps:
>> >
>> > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a
>> memcached -c -p ok
>> > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
>> > -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>> > mech_list: plain
>> > log_level: 5
>> > sasldb_path: /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>> > Reading configuration from: > omebrew/memcached-1.5.7/memcached.conf>
>> > Initialized SASL.
>> > mech:  ``SRP'' with 15 bytes of data
>> > SASL (severity 2): no secret in database
>> > sasl result code:  -4
>> > Unknown sasl response:  -4
>> >
>> >
>> >
>> > Client side:
>> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>> > Set failed: AUTHENTICATION FAILURE
>> > OKALE-M-33H5:mycode okale$
>> >
>> >
>> >
>> > Is there a specific location where memcached.conf and the sasl db file:
>> memcached-sasl-pwdb, need to be put?
>> >
>> >
>> >
>> >
>> > Thanks and Regards,Om Kale
>> >
>> >
>> > On Fri, Apr 6, 2018 at 3:54 PM, dormando  wrote:
>> >   Read the 30 lines around where I said, not just that line.
>> >
>> >   though I guess it's just:
>> >
>> >   system("echo testpass | $saslpasswd_path -a memcached -c -p
>> testuser");
>> >
>> >   so that means:
>> >
>> >   echo "testpass" | saslpasswd2 -a memcached -c -p testuser
>> >   if you run that from the same directory as your memcached.conf
>> (or use -f
>> >   to point to it?), it should create the file properly.
>> >
>> >   I'm saying to use the tool instead of just putting the
>> username/password
>> >   into the file, and also using the sasldb_path: argument in
>> memcached.conf
>> >   to point to the sasldb, instead of the environment variable.
>> >
>> >   On Fri, 6 Apr 2018, Om Kale wrote:
>> >
>> >   > Hey Dormando,
>> >   > Ok. When I look at the 't/binary-sasl.t' and search for the
>> section you mentioned,
>> >   > I see this:
>> >   >
>> >   > # Build the auth DB for testing.
>> >   >
>> >   > my $sasldb = '/tmp/test-memcached.sasldb';
>> >   >
>> >   > unlink $sasldb;
>> >   >
>> >   >
>> >   > In the t/sasl/memcached.conf, I see the following:
>> >   > mech_list: plain cram-md5
>> >   > log_level: 5
>> >   > sasldb_path: /tmp/test-memcached.sasldb
>> >   >
>> >   > Now, let me know what I need to doa bit confused.
>> >   > Do I need to 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hey Dormando,
I do not see the memcached-sasl-pwdb created and the password added in it.
The steps are same as above.
Also, is there a specific location where memcached.conf and the sasl db
file: memcached-sasl-pwdb, need to be put?
I do not see the memcached-sasl-pwdb created automatically. Also the
memcached.conf is located at t/sasl/memcached.conf, do I need to make the
modification in this file to point to sasl db or can I create my own
memcached.conf at another location?




Thanks and Regards,
Om Kale


On Fri, Apr 6, 2018 at 5:53 PM, dormando  wrote:

> Hey,
>
> Did the memcached-sasl-pwdb file get created and is there a line in it?
>
> On Fri, 6 Apr 2018, Om Kale wrote:
>
> > Got it. I see the line you mentioned in the test code.
> > I executed the following steps but still see same issue. (I ran
> ./configure after the echo command)
> >
> >
> > Here are the steps:
> >
> > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a
> memcached -c -p ok
> > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
> > -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> > mech_list: plain
> > log_level: 5
> > sasldb_path: /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> memcached-sasl-pwdb
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> > Reading configuration from:  Homebrew/memcached-1.5.7/memcached.conf>
> > Initialized SASL.
> > mech:  ``SRP'' with 15 bytes of data
> > SASL (severity 2): no secret in database
> > sasl result code:  -4
> > Unknown sasl response:  -4
> >
> >
> >
> > Client side:
> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> > Set failed: AUTHENTICATION FAILURE
> > OKALE-M-33H5:mycode okale$
> >
> >
> >
> > Is there a specific location where memcached.conf and the sasl db file:
> memcached-sasl-pwdb, need to be put?
> >
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 3:54 PM, dormando  wrote:
> >   Read the 30 lines around where I said, not just that line.
> >
> >   though I guess it's just:
> >
> >   system("echo testpass | $saslpasswd_path -a memcached -c -p
> testuser");
> >
> >   so that means:
> >
> >   echo "testpass" | saslpasswd2 -a memcached -c -p testuser
> >   if you run that from the same directory as your memcached.conf (or
> use -f
> >   to point to it?), it should create the file properly.
> >
> >   I'm saying to use the tool instead of just putting the
> username/password
> >   into the file, and also using the sasldb_path: argument in
> memcached.conf
> >   to point to the sasldb, instead of the environment variable.
> >
> >   On Fri, 6 Apr 2018, Om Kale wrote:
> >
> >   > Hey Dormando,
> >   > Ok. When I look at the 't/binary-sasl.t' and search for the
> section you mentioned,
> >   > I see this:
> >   >
> >   > # Build the auth DB for testing.
> >   >
> >   > my $sasldb = '/tmp/test-memcached.sasldb';
> >   >
> >   > unlink $sasldb;
> >   >
> >   >
> >   > In the t/sasl/memcached.conf, I see the following:
> >   > mech_list: plain cram-md5
> >   > log_level: 5
> >   > sasldb_path: /tmp/test-memcached.sasldb
> >   >
> >   > Now, let me know what I need to doa bit confused.
> >   > Do I need to change any of the above or do I create
> test-memcached.sasldb under tmp on my machine, add a username:password to
> it and then
> >   run ./configure
> >   > followed by make?
> >   >
> >   >
> >   >
> >   >
> >   > Thanks and Regards,Om Kale
> >   >
> >   >
> >   > On Fri, Apr 6, 2018 at 2:48 PM, dormando 
> wrote:
> >   >   Just for sanity's sake, if you look at:
> t/sasl/memcached.conf in the
> >   >   tarball, and look at t/binary-sasl.t (look for the section
> starting with
> >   >   "my $sasldb =", and build a passwd + configure the pwdb
> that way, does it
> >   >   work?
> >   >
> >   >   to reiterate; the test config file explicitly declares the
> path for the db
> >   >   within memcached.conf, and then adds the passwords to it
> via the
> >   >   saslpasswd tool.
> >   >
> >   >   Would help rule things out anyway. thanks!
> >   >
> >   >   On Fri, 6 Apr 2018, Om Kale wrote:
> >   >
> >   >   > Yup, it will be really helpful if you could try and
> reproduce it.
> >   >   > Yes...that's the thing I was wondering, 'no secret in
> database' means its able to reach the database, but unable to read/load the
> >   >   memcached-sasl-pwdb
> >   >   > file. Additionally, I was 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Hey,

Did the memcached-sasl-pwdb file get created and is there a line in it?

On Fri, 6 Apr 2018, Om Kale wrote:

> Got it. I see the line you mentioned in the test code.
> I executed the following steps but still see same issue. (I ran ./configure 
> after the echo command)
>
>
> Here are the steps:
>
> OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a memcached 
> -c -p ok
> OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
> -rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
> OKALE-M-33H5:memcached-1.5.7 okale$
> OKALE-M-33H5:memcached-1.5.7 okale$
> OKALE-M-33H5:memcached-1.5.7 okale$
> OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> mech_list: plain
> log_level: 5
> sasldb_path: 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
> OKALE-M-33H5:memcached-1.5.7 okale$
> OKALE-M-33H5:memcached-1.5.7 okale$
> OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> Reading configuration from: 
> 
> Initialized SASL.
> mech:  ``SRP'' with 15 bytes of data
> SASL (severity 2): no secret in database
> sasl result code:  -4
> Unknown sasl response:  -4
>
>
>
> Client side:
> OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> Set failed: AUTHENTICATION FAILURE
> OKALE-M-33H5:mycode okale$
>
>
>
> Is there a specific location where memcached.conf and the sasl db file: 
> memcached-sasl-pwdb, need to be put?
>
>
>
>
> Thanks and Regards,Om Kale
>
>
> On Fri, Apr 6, 2018 at 3:54 PM, dormando  wrote:
>   Read the 30 lines around where I said, not just that line.
>
>   though I guess it's just:
>
>   system("echo testpass | $saslpasswd_path -a memcached -c -p testuser");
>
>   so that means:
>
>   echo "testpass" | saslpasswd2 -a memcached -c -p testuser
>   if you run that from the same directory as your memcached.conf (or use 
> -f
>   to point to it?), it should create the file properly.
>
>   I'm saying to use the tool instead of just putting the username/password
>   into the file, and also using the sasldb_path: argument in 
> memcached.conf
>   to point to the sasldb, instead of the environment variable.
>
>   On Fri, 6 Apr 2018, Om Kale wrote:
>
>   > Hey Dormando,
>   > Ok. When I look at the 't/binary-sasl.t' and search for the section 
> you mentioned,
>   > I see this:
>   >
>   > # Build the auth DB for testing.
>   >
>   > my $sasldb = '/tmp/test-memcached.sasldb';
>   >
>   > unlink $sasldb;
>   >
>   >
>   > In the t/sasl/memcached.conf, I see the following:
>   > mech_list: plain cram-md5
>   > log_level: 5
>   > sasldb_path: /tmp/test-memcached.sasldb
>   >
>   > Now, let me know what I need to doa bit confused.
>   > Do I need to change any of the above or do I create 
> test-memcached.sasldb under tmp on my machine, add a username:password to it 
> and then
>   run ./configure
>   > followed by make?
>   >
>   >
>   >
>   >
>   > Thanks and Regards,Om Kale
>   >
>   >
>   > On Fri, Apr 6, 2018 at 2:48 PM, dormando  wrote:
>   >       Just for sanity's sake, if you look at: t/sasl/memcached.conf 
> in the
>   >       tarball, and look at t/binary-sasl.t (look for the section 
> starting with
>   >       "my $sasldb =", and build a passwd + configure the pwdb that 
> way, does it
>   >       work?
>   >
>   >       to reiterate; the test config file explicitly declares the path 
> for the db
>   >       within memcached.conf, and then adds the passwords to it via the
>   >       saslpasswd tool.
>   >
>   >       Would help rule things out anyway. thanks!
>   >
>   >       On Fri, 6 Apr 2018, Om Kale wrote:
>   >
>   >       > Yup, it will be really helpful if you could try and reproduce 
> it.
>   >       > Yes...that's the thing I was wondering, 'no secret in 
> database' means its able to reach the database, but unable to read/load the
>   >       memcached-sasl-pwdb
>   >       > file. Additionally, I was wondering, if there is need to 
> write additional code for some shared secret at client side or any other
>   >       dependencies.
>   >       > Currently, I am directly using memcached_set_sasl_auth_data 
> function in the client.
>   >       >
>   >       > Here are the steps to reproduce:
>   >       > 1. I installed the memcached server with the enable-sasl and 
> enable-sasl-db.
>   >       > 2. Wrote a c client as attached in the email.
>   >       > 3. Created a file with the username:password entry named 
> memcached-sasl-pwdb as shown before.
>   >       > 4. Created a memcached.conf with mech:plain
>   >       > 5. Ran the server using ./memcached -S -vv
>   >       > 6. Ran the client using ./testsasl username password localhost
>   >       >
>   >       > Couple more things to 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Got it. I see the line you mentioned in the test code.
I executed the following steps but still see same issue. (I ran ./configure
after the echo command)


Here are the steps:

OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a memcached
-c -p ok
OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
-rw-r--r--   1 okale  staff   116B Apr  6 15:28 memcached.conf
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
mech_list: plain
log_level: 5
sasldb_path:
/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from:

Initialized SASL.
mech:  ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code:  -4
Unknown sasl response:  -4



Client side:
OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE
OKALE-M-33H5:mycode okale$



Is there a specific location where memcached.conf and the sasl db file:
memcached-sasl-pwdb, need to be put?




Thanks and Regards,
Om Kale


On Fri, Apr 6, 2018 at 3:54 PM, dormando  wrote:

> Read the 30 lines around where I said, not just that line.
>
> though I guess it's just:
>
> system("echo testpass | $saslpasswd_path -a memcached -c -p testuser");
>
> so that means:
>
> echo "testpass" | saslpasswd2 -a memcached -c -p testuser
> if you run that from the same directory as your memcached.conf (or use -f
> to point to it?), it should create the file properly.
>
> I'm saying to use the tool instead of just putting the username/password
> into the file, and also using the sasldb_path: argument in memcached.conf
> to point to the sasldb, instead of the environment variable.
>
> On Fri, 6 Apr 2018, Om Kale wrote:
>
> > Hey Dormando,
> > Ok. When I look at the 't/binary-sasl.t' and search for the section you
> mentioned,
> > I see this:
> >
> > # Build the auth DB for testing.
> >
> > my $sasldb = '/tmp/test-memcached.sasldb';
> >
> > unlink $sasldb;
> >
> >
> > In the t/sasl/memcached.conf, I see the following:
> > mech_list: plain cram-md5
> > log_level: 5
> > sasldb_path: /tmp/test-memcached.sasldb
> >
> > Now, let me know what I need to doa bit confused.
> > Do I need to change any of the above or do I create
> test-memcached.sasldb under tmp on my machine, add a username:password to
> it and then run ./configure
> > followed by make?
> >
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 2:48 PM, dormando  wrote:
> >   Just for sanity's sake, if you look at: t/sasl/memcached.conf in
> the
> >   tarball, and look at t/binary-sasl.t (look for the section
> starting with
> >   "my $sasldb =", and build a passwd + configure the pwdb that way,
> does it
> >   work?
> >
> >   to reiterate; the test config file explicitly declares the path
> for the db
> >   within memcached.conf, and then adds the passwords to it via the
> >   saslpasswd tool.
> >
> >   Would help rule things out anyway. thanks!
> >
> >   On Fri, 6 Apr 2018, Om Kale wrote:
> >
> >   > Yup, it will be really helpful if you could try and reproduce it.
> >   > Yes...that's the thing I was wondering, 'no secret in database'
> means its able to reach the database, but unable to read/load the
> >   memcached-sasl-pwdb
> >   > file. Additionally, I was wondering, if there is need to write
> additional code for some shared secret at client side or any other
> >   dependencies.
> >   > Currently, I am directly using memcached_set_sasl_auth_data
> function in the client.
> >   >
> >   > Here are the steps to reproduce:
> >   > 1. I installed the memcached server with the enable-sasl and
> enable-sasl-db.
> >   > 2. Wrote a c client as attached in the email.
> >   > 3. Created a file with the username:password entry named
> memcached-sasl-pwdb as shown before.
> >   > 4. Created a memcached.conf with mech:plain
> >   > 5. Ran the server using ./memcached -S -vv
> >   > 6. Ran the client using ./testsasl username password localhost
> >   >
> >   > Couple more things to add:
> >   > 1. I have followed the following wiki:
> >   > https://github.com/memcached/memcached/wiki/SASLHowto
> >   >
> >   > 2. I haven't used this but added the user:pass in the
> memcached-sasl-pwdb file manually.
> >   >
> >   >  saslpasswd2 -a memcached -c cacheuser
> >   > 3. For the SASL library cyrus-sasl-plain, I have installed it,
> but havent used/pointed to it in code or on the server as I did not see
> >   steps for this.
> >   >
> >   > 4.I see its mentioned configure option --enable-sasl-pwdb is not
> working on the wiki, but saw that its there in one of the new 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Read the 30 lines around where I said, not just that line.

though I guess it's just:

system("echo testpass | $saslpasswd_path -a memcached -c -p testuser");

so that means:

echo "testpass" | saslpasswd2 -a memcached -c -p testuser
if you run that from the same directory as your memcached.conf (or use -f
to point to it?), it should create the file properly.

I'm saying to use the tool instead of just putting the username/password
into the file, and also using the sasldb_path: argument in memcached.conf
to point to the sasldb, instead of the environment variable.

On Fri, 6 Apr 2018, Om Kale wrote:

> Hey Dormando,
> Ok. When I look at the 't/binary-sasl.t' and search for the section you 
> mentioned,
> I see this:
>
> # Build the auth DB for testing.
>
> my $sasldb = '/tmp/test-memcached.sasldb';
>
> unlink $sasldb;
>
>
> In the t/sasl/memcached.conf, I see the following:
> mech_list: plain cram-md5
> log_level: 5
> sasldb_path: /tmp/test-memcached.sasldb
>
> Now, let me know what I need to doa bit confused.
> Do I need to change any of the above or do I create test-memcached.sasldb 
> under tmp on my machine, add a username:password to it and then run 
> ./configure
> followed by make?
>
>
>
>
> Thanks and Regards,Om Kale
>
>
> On Fri, Apr 6, 2018 at 2:48 PM, dormando  wrote:
>   Just for sanity's sake, if you look at: t/sasl/memcached.conf in the
>   tarball, and look at t/binary-sasl.t (look for the section starting with
>   "my $sasldb =", and build a passwd + configure the pwdb that way, does 
> it
>   work?
>
>   to reiterate; the test config file explicitly declares the path for the 
> db
>   within memcached.conf, and then adds the passwords to it via the
>   saslpasswd tool.
>
>   Would help rule things out anyway. thanks!
>
>   On Fri, 6 Apr 2018, Om Kale wrote:
>
>   > Yup, it will be really helpful if you could try and reproduce it.
>   > Yes...that's the thing I was wondering, 'no secret in database' means 
> its able to reach the database, but unable to read/load the
>   memcached-sasl-pwdb
>   > file. Additionally, I was wondering, if there is need to write 
> additional code for some shared secret at client side or any other
>   dependencies.
>   > Currently, I am directly using memcached_set_sasl_auth_data function 
> in the client.
>   >
>   > Here are the steps to reproduce:
>   > 1. I installed the memcached server with the enable-sasl and 
> enable-sasl-db.
>   > 2. Wrote a c client as attached in the email.
>   > 3. Created a file with the username:password entry named 
> memcached-sasl-pwdb as shown before.
>   > 4. Created a memcached.conf with mech:plain
>   > 5. Ran the server using ./memcached -S -vv
>   > 6. Ran the client using ./testsasl username password localhost
>   >
>   > Couple more things to add:
>   > 1. I have followed the following wiki:
>   > https://github.com/memcached/memcached/wiki/SASLHowto
>   >
>   > 2. I haven't used this but added the user:pass in the 
> memcached-sasl-pwdb file manually.
>   >
>   >  saslpasswd2 -a memcached -c cacheuser
>   > 3. For the SASL library cyrus-sasl-plain, I have installed it, but 
> havent used/pointed to it in code or on the server as I did not see
>   steps for this.
>   >
>   > 4.I see its mentioned configure option --enable-sasl-pwdb is not 
> working on the wiki, but saw that its there in one of the new PRs.
>   > https://github.com/memcached/memcached/issues/365
>   >
>   >
>   > Let me know if you need any additional info from my side.
>   >
>   > Regards,
>   > Om Kale
>   >
>   >
>   >
>   > On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote:
>   >       No secret in database means it thinks the pwdb is empty (or it 
> can't
>   >       load/find the pwdb).
>   >
>   >       I'm not sure why offhand.. I can try to reproduce it but won't 
> have time
>   >       until later today.
>   >
>   >       On Fri, 6 Apr 2018, Om Kale wrote:
>   >
>   >       > Hi Dormando,
>   >       > Thanks for the quick reply. I used the environment variable 
> you suggested before running the memcached server instance:
>   >       > 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>   >       >
>   >       > I have added the following in my memcached.conf file (so 
> basically tells plain text). I have openssl and openldap installed on my
>   machine
>   >       but haven't
>   >       > specified it any config or pointed to it in the code.
>   >       > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>   >       > > mech_list: plain
>   >       >
>   >       > Now I run:
>   >       > ./memcached -S -v
>   >       >
>   >       > Followed by the client:
>   >       > 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hey Dormando,
Ok. When I look at the 't/binary-sasl.t' and search for the section you
mentioned,
I see this:

# Build the auth DB for testing.

my $sasldb = '/tmp/test-memcached.sasldb';

unlink $sasldb;

In the t/sasl/memcached.conf, I see the following:
mech_list: plain cram-md5
log_level: 5
sasldb_path: /tmp/test-memcached.sasldb

Now, let me know what I need to doa bit confused.
Do I need to change any of the above or do I create test-memcached.sasldb
under tmp on my machine, add a username:password to it and then run
./configure followed by make?




Thanks and Regards,
Om Kale


On Fri, Apr 6, 2018 at 2:48 PM, dormando  wrote:

> Just for sanity's sake, if you look at: t/sasl/memcached.conf in the
> tarball, and look at t/binary-sasl.t (look for the section starting with
> "my $sasldb =", and build a passwd + configure the pwdb that way, does it
> work?
>
> to reiterate; the test config file explicitly declares the path for the db
> within memcached.conf, and then adds the passwords to it via the
> saslpasswd tool.
>
> Would help rule things out anyway. thanks!
>
> On Fri, 6 Apr 2018, Om Kale wrote:
>
> > Yup, it will be really helpful if you could try and reproduce it.
> > Yes...that's the thing I was wondering, 'no secret in database' means
> its able to reach the database, but unable to read/load the
> memcached-sasl-pwdb
> > file. Additionally, I was wondering, if there is need to write
> additional code for some shared secret at client side or any other
> dependencies.
> > Currently, I am directly using memcached_set_sasl_auth_data function in
> the client.
> >
> > Here are the steps to reproduce:
> > 1. I installed the memcached server with the enable-sasl and
> enable-sasl-db.
> > 2. Wrote a c client as attached in the email.
> > 3. Created a file with the username:password entry named
> memcached-sasl-pwdb as shown before.
> > 4. Created a memcached.conf with mech:plain
> > 5. Ran the server using ./memcached -S -vv
> > 6. Ran the client using ./testsasl username password localhost
> >
> > Couple more things to add:
> > 1. I have followed the following wiki:
> > https://github.com/memcached/memcached/wiki/SASLHowto
> >
> > 2. I haven't used this but added the user:pass in the
> memcached-sasl-pwdb file manually.
> >
> >  saslpasswd2 -a memcached -c cacheuser
> > 3. For the SASL library cyrus-sasl-plain, I have installed it, but
> havent used/pointed to it in code or on the server as I did not see steps
> for this.
> >
> > 4.I see its mentioned configure option --enable-sasl-pwdb is not working
> on the wiki, but saw that its there in one of the new PRs.
> > https://github.com/memcached/memcached/issues/365
> >
> >
> > Let me know if you need any additional info from my side.
> >
> > Regards,
> > Om Kale
> >
> >
> >
> > On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote:
> >   No secret in database means it thinks the pwdb is empty (or it
> can't
> >   load/find the pwdb).
> >
> >   I'm not sure why offhand.. I can try to reproduce it but won't
> have time
> >   until later today.
> >
> >   On Fri, 6 Apr 2018, Om Kale wrote:
> >
> >   > Hi Dormando,
> >   > Thanks for the quick reply. I used the environment variable you
> suggested before running the memcached server instance:
> >   > MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/
> memcached-1.5.7/memcached-sasl-pwdb"
> >   >
> >   > I have added the following in my memcached.conf file (so
> basically tells plain text). I have openssl and openldap installed on my
> machine
> >   but haven't
> >   > specified it any config or pointed to it in the code.
> >   > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> >   > > mech_list: plain
> >   >
> >   > Now I run:
> >   > ./memcached -S -v
> >   >
> >   > Followed by the client:
> >   > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> >   > Set failed: AUTHENTICATION FAILURE
> >   >
> >   > But still get the same error as before on the memcached server:
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ export
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/
> memcached-1.5.7/memcached-sasl-pwdb"
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> >   > Reading configuration from:  Homebrew/memcached-1.5.7/memcached.conf>
> >   > Initialized SASL.
> >   > mech:  ``SRP'' with 15 bytes of data
> >   > SASL (severity 2): no secret in database
> >   > sasl result code:  -4
> >   > Unknown sasl response:  -4
> >   >
> >   >
> >   >
> >   > You could refer to my attached client code above but I still
> don't understand why it says 'no secret in database'.
> >   >
> >   >
> >   >
> >   > Thanks and Regards,
> >   > Om Kale
> >   >
> >   >
> >   >
> >   >
> >   >
> >   > On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote:
> >   

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

Just for sanity's sake, if you look at: t/sasl/memcached.conf in the
tarball, and look at t/binary-sasl.t (look for the section starting with
"my $sasldb =", and build a passwd + configure the pwdb that way, does it
work?

to reiterate; the test config file explicitly declares the path for the db
within memcached.conf, and then adds the passwords to it via the
saslpasswd tool.

Would help rule things out anyway. thanks!

On Fri, 6 Apr 2018, Om Kale wrote:

> Yup, it will be really helpful if you could try and reproduce it.
> Yes...that's the thing I was wondering, 'no secret in database' means its 
> able to reach the database, but unable to read/load the memcached-sasl-pwdb
> file. Additionally, I was wondering, if there is need to write additional 
> code for some shared secret at client side or any other dependencies.
> Currently, I am directly using memcached_set_sasl_auth_data function in the 
> client.
>
> Here are the steps to reproduce:
> 1. I installed the memcached server with the enable-sasl and enable-sasl-db.
> 2. Wrote a c client as attached in the email.
> 3. Created a file with the username:password entry named memcached-sasl-pwdb 
> as shown before.
> 4. Created a memcached.conf with mech:plain
> 5. Ran the server using ./memcached -S -vv
> 6. Ran the client using ./testsasl username password localhost
>
> Couple more things to add:
> 1. I have followed the following wiki:
> https://github.com/memcached/memcached/wiki/SASLHowto
>
> 2. I haven't used this but added the user:pass in the memcached-sasl-pwdb 
> file manually.
>
>  saslpasswd2 -a memcached -c cacheuser
> 3. For the SASL library cyrus-sasl-plain, I have installed it, but havent 
> used/pointed to it in code or on the server as I did not see steps for this.
>
> 4.I see its mentioned configure option --enable-sasl-pwdb is not working on 
> the wiki, but saw that its there in one of the new PRs.
> https://github.com/memcached/memcached/issues/365
>
>
> Let me know if you need any additional info from my side.
>
> Regards,
> Om Kale
>
>
>
> On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote:
>   No secret in database means it thinks the pwdb is empty (or it can't
>   load/find the pwdb).
>
>   I'm not sure why offhand.. I can try to reproduce it but won't have time
>   until later today.
>
>   On Fri, 6 Apr 2018, Om Kale wrote:
>
>   > Hi Dormando,
>   > Thanks for the quick reply. I used the environment variable you 
> suggested before running the memcached server instance:
>   > 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>   >
>   > I have added the following in my memcached.conf file (so basically 
> tells plain text). I have openssl and openldap installed on my machine
>   but haven't
>   > specified it any config or pointed to it in the code.
>   > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>   > > mech_list: plain
>   >
>   > Now I run:
>   > ./memcached -S -v
>   >
>   > Followed by the client:
>   > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>   > Set failed: AUTHENTICATION FAILURE
>   >
>   > But still get the same error as before on the memcached server:
>   > OKALE-M-33H5:memcached-1.5.7 okale$ export 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>   > Reading configuration from: 
> 
>   > Initialized SASL.
>   > mech:  ``SRP'' with 15 bytes of data
>   > SASL (severity 2): no secret in database
>   > sasl result code:  -4
>   > Unknown sasl response:  -4
>   >
>   >
>   >
>   > You could refer to my attached client code above but I still don't 
> understand why it says 'no secret in database'.
>   >
>   >
>   >
>   > Thanks and Regards,
>   > Om Kale
>   >
>   >
>   >
>   >
>   >
>   > On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote:
>   >
>   >
>   >       On Fri, 6 Apr 2018, Om Kale wrote:
>   >
>   >       > and then try to run my client, I get the following error on 
> the server:
>   >       >
>   >       >
>   >       > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>   >       > Reading configuration from: 
> 
>   >       > Initialized SASL.
>   >       > mech:  ``SRP'' with 15 bytes of data
>   >       > SASL (severity 2): no secret in database
>   >       > sasl result code:  -4
>   >       > Unknown sasl response:  -4
>   >       >
>   >       >
>   >       > I have added my username, password in a file called 
> memcached-sasl-pwdb which is located at
>   >       > 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
>   >       >
>   >       >
>   >       > OKALE-M-33H5:memcached-1.5.7 okale$ cat 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Yup, it will be really helpful if you could try and reproduce it.
Yes...that's the thing I was wondering, 'no secret in database' means its 
able to reach the database, but unable to read/load the memcached-sasl-pwdb 
file. Additionally, I was wondering, if there is need to write additional 
code for some shared secret at client side or any other dependencies. 
Currently, I am directly using memcached_set_sasl_auth_data function in the 
client.

Here are the steps to reproduce:
1. I installed the memcached server with the enable-sasl and enable-sasl-db.
2. Wrote a c client as attached in the email.
3. Created a file with the username:password entry named 
memcached-sasl-pwdb as shown before.
4. Created a memcached.conf with mech:plain
5. Ran the server using ./memcached -S -vv
6. Ran the client using ./testsasl username password localhost

Couple more things to add:
1. I have followed the following wiki:
https://github.com/memcached/memcached/wiki/SASLHowto

2. I haven't used this but added the user:pass in the memcached-sasl-pwdb 
file manually. 

 saslpasswd2 -a memcached -c cacheuser

3. For the SASL library cyrus-sasl-plain, I have installed it, but havent 
used/pointed to it in code or on the server as I did not see steps for this.

4.I see its mentioned configure option --enable-sasl-pwdb is not working on 
the wiki, but saw that its there in one of the new PRs.
https://github.com/memcached/memcached/issues/365


Let me know if you need any additional info from my side.

Regards,
Om Kale



On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote:
>
> No secret in database means it thinks the pwdb is empty (or it can't 
> load/find the pwdb). 
>
> I'm not sure why offhand.. I can try to reproduce it but won't have time 
> until later today. 
>
> On Fri, 6 Apr 2018, Om Kale wrote: 
>
> > Hi Dormando, 
> > Thanks for the quick reply. I used the environment variable you 
> suggested before running the memcached server instance: 
> > 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>  
>
> > 
> > I have added the following in my memcached.conf file (so basically tells 
> plain text). I have openssl and openldap installed on my machine but 
> haven't 
> > specified it any config or pointed to it in the code. 
> > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf 
> > > mech_list: plain 
> > 
> > Now I run: 
> > ./memcached -S -v 
> > 
> > Followed by the client: 
> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost 
> > Set failed: AUTHENTICATION FAILURE 
> > 
> > But still get the same error as before on the memcached server: 
> > OKALE-M-33H5:memcached-1.5.7 okale$ export 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>  
>
> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v 
> > Reading configuration from: 
>  
> > Initialized SASL. 
> > mech:  ``SRP'' with 15 bytes of data 
> > SASL (severity 2): no secret in database 
> > sasl result code:  -4 
> > Unknown sasl response:  -4 
> > 
> > 
> > 
> > You could refer to my attached client code above but I still don't 
> understand why it says 'no secret in database'. 
> > 
> > 
> > 
> > Thanks and Regards, 
> > Om Kale 
> > 
> > 
> > 
> > 
> > 
> > On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote: 
> > 
> > 
> >   On Fri, 6 Apr 2018, Om Kale wrote: 
> > 
> >   > and then try to run my client, I get the following error on the 
> server: 
> >   > 
> >   > 
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v 
> >   > Reading configuration from: 
>  
> >   > Initialized SASL. 
> >   > mech:  ``SRP'' with 15 bytes of data 
> >   > SASL (severity 2): no secret in database 
> >   > sasl result code:  -4 
> >   > Unknown sasl response:  -4 
> >   > 
> >   > 
> >   > I have added my username, password in a file called 
> memcached-sasl-pwdb which is located at 
> >   > 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb 
> >   > 
> >   > 
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb 
> >   > ok:hello 
> >   > 
> >   > 
> >   > 
> >   > My memcached.conf located at 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and 
> contains: 
> >   > 
> >   > 
> >   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf 
> >   > mech_list: plain 
> >   > 
> >   > 
> >   > I have a couple of questions: 
> >   > 1. How can the memcached server on start up know the configured 
> users and the username:password details. (Does it read it from 
> >   memcached-sasl-pwdb? If 
> >   > yes, how do I configure it/point to it?) 
> > 
> >   I guess the wiki didn't get fully updated :( If you use PWDB, it's 
> via 
> >   MEMCACHED_SASL_PWDB as an environment variable, so: 
> >   $ 
> >   
> 

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

No secret in database means it thinks the pwdb is empty (or it can't
load/find the pwdb).

I'm not sure why offhand.. I can try to reproduce it but won't have time
until later today.

On Fri, 6 Apr 2018, Om Kale wrote:

> Hi Dormando,
> Thanks for the quick reply. I used the environment variable you suggested 
> before running the memcached server instance:
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>
> I have added the following in my memcached.conf file (so basically tells 
> plain text). I have openssl and openldap installed on my machine but haven't
> specified it any config or pointed to it in the code.
> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> > mech_list: plain
>
> Now I run:
> ./memcached -S -v
>
> Followed by the client:
> OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> Set failed: AUTHENTICATION FAILURE
>
> But still get the same error as before on the memcached server:
> OKALE-M-33H5:memcached-1.5.7 okale$ export 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
> OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> Reading configuration from: 
> 
> Initialized SASL.
> mech:  ``SRP'' with 15 bytes of data
> SASL (severity 2): no secret in database
> sasl result code:  -4
> Unknown sasl response:  -4
>
>
>
> You could refer to my attached client code above but I still don't understand 
> why it says 'no secret in database'.
>
>
>
> Thanks and Regards,
> Om Kale
>
>
>
>
>
> On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote:
>
>
>   On Fri, 6 Apr 2018, Om Kale wrote:
>
>   > and then try to run my client, I get the following error on the 
> server:
>   >
>   >
>   > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>   > Reading configuration from: 
> 
>   > Initialized SASL.
>   > mech:  ``SRP'' with 15 bytes of data
>   > SASL (severity 2): no secret in database
>   > sasl result code:  -4
>   > Unknown sasl response:  -4
>   >
>   >
>   > I have added my username, password in a file called 
> memcached-sasl-pwdb which is located at
>   > 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
>   >
>   >
>   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb
>   > ok:hello
>   >
>   >
>   >
>   > My memcached.conf located at 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and 
> contains:
>   >
>   >
>   > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>   > mech_list: plain
>   >
>   >
>   > I have a couple of questions:
>   > 1. How can the memcached server on start up know the configured users 
> and the username:password details. (Does it read it from
>   memcached-sasl-pwdb? If
>   > yes, how do I configure it/point to it?)
>
>   I guess the wiki didn't get fully updated :( If you use PWDB, it's via
>   MEMCACHED_SASL_PWDB as an environment variable, so:
>   $
>   
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>   ./memcached -S -v
>
>
>   > 2. What's the use of the memcached.conf file in the "Reading 
> configuration from:
>   "
>
>   Stating the supported mechanisms for sasl authentication (ie; the 
> at-rest
>   state of the password data)
>
>   > in the output. I am presuming this read will tell the memcached 
> server the username:password details. If yes, what should be the location
>   of this file
>   > 3. Do I need to install/point to any additional ssl libraries during 
> server bring up?
>
>   Should be answered above. Hopefully that works for you
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "memcached" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to memcached+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi Dormando,
Thanks for the quick reply. I used the environment variable you suggested 
before running the memcached server instance: 
MEMCACHED_SASL_PWDB="/Users/
okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"

I have added the following in my memcached.conf file (so basically tells 
plain text). I have openssl and openldap installed on my machine but 
haven't specified it any config or pointed to it in the code. 
> OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf 
> mech_list: plain

Now I run:
./memcached -S -v 

Followed by the client:
OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE

But still get the same error as before on the memcached server:
OKALE-M-33H5:memcached-1.5.7 okale$ export 
MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from: 

Initialized SASL.
mech:  ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code:  -4
Unknown sasl response:  -4



You could refer to my attached client code above but I still don't 
understand why it says 'no secret in database'.



Thanks and Regards,
Om Kale





On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote:
>
>
>
> On Fri, 6 Apr 2018, Om Kale wrote: 
>
> > and then try to run my client, I get the following error on the server: 
> > 
> > 
> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v 
> > Reading configuration from: 
>  
> > Initialized SASL. 
> > mech:  ``SRP'' with 15 bytes of data 
> > SASL (severity 2): no secret in database 
> > sasl result code:  -4 
> > Unknown sasl response:  -4 
> > 
> > 
> > I have added my username, password in a file called memcached-sasl-pwdb 
> which is located at 
> > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb 
> > 
> > 
> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb 
> > ok:hello 
> > 
> > 
> > 
> > My memcached.conf located at 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and 
> contains: 
> > 
> > 
> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf 
> > mech_list: plain 
> > 
> > 
> > I have a couple of questions: 
> > 1. How can the memcached server on start up know the configured users 
> and the username:password details. (Does it read it from 
> memcached-sasl-pwdb? If 
> > yes, how do I configure it/point to it?) 
>
> I guess the wiki didn't get fully updated :( If you use PWDB, it's via 
> MEMCACHED_SASL_PWDB as an environment variable, so: 
> $ 
> MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>  
>
> ./memcached -S -v 
>
>
> > 2. What's the use of the memcached.conf file in the "Reading 
> configuration from: 
> " 
>
> Stating the supported mechanisms for sasl authentication (ie; the at-rest 
> state of the password data) 
>
> > in the output. I am presuming this read will tell the memcached server 
> the username:password details. If yes, what should be the location of this 
> file 
> > 3. Do I need to install/point to any additional ssl libraries during 
> server bring up? 
>
> Should be answered above. Hopefully that works for you

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[dormando]

On Fri, 6 Apr 2018, Om Kale wrote:

> and then try to run my client, I get the following error on the server:
>
>
> OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> Reading configuration from: 
> 
> Initialized SASL.
> mech:  ``SRP'' with 15 bytes of data
> SASL (severity 2): no secret in database
> sasl result code:  -4
> Unknown sasl response:  -4
>
>
> I have added my username, password in a file called memcached-sasl-pwdb which 
> is located at
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
>
>
> OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb
> ok:hello
>
>
>
> My memcached.conf located at 
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and 
> contains:
>
>
> OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> mech_list: plain
>
>
> I have a couple of questions:
> 1. How can the memcached server on start up know the configured users and the 
> username:password details. (Does it read it from memcached-sasl-pwdb? If
> yes, how do I configure it/point to it?)

I guess the wiki didn't get fully updated :( If you use PWDB, it's via
MEMCACHED_SASL_PWDB as an environment variable, so:
$
MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
./memcached -S -v


> 2. What's the use of the memcached.conf file in the "Reading configuration 
> from: "

Stating the supported mechanisms for sasl authentication (ie; the at-rest
state of the password data)

> in the output. I am presuming this read will tell the memcached server the 
> username:password details. If yes, what should be the location of this file
> 3. Do I need to install/point to any additional ssl libraries during server 
> bring up?

Should be answered above. Hopefully that works for you

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

[Om Kale]

Hi All,
I am new to memcached and have started working on it for the past couple 
weeks.
*My use case is creating a SASL enabled client and successfully get/set 
into memcache server using authentication.*

I have enabled SASL and enabled SASL-PWDB in the brew install itself:

brew install memcached --enable-sasl --enable-sasl-pwdb


I have written a simple memcached client using libmemcached which looks 
like this: (Using: memcached_set_sasl_auth_data)


/*
 * Test that libmemcached is built with SASL support.
 */
#include 
#include 
#include 

const char* key = "abc";
const char* value = "value";

// test basic get/set operation works.
void test_getset(memcached_st* cache)
{
  char* r_value;
  uint32_t flags = 0;
  uint32_t r_flags = 0;
  size_t val_length;
  memcached_return_t rc;

  rc = memcached_set(cache, key, strlen(key), value, strlen(value), 
(time_t)0, flags);
  if (rc == MEMCACHED_TIMEOUT) {
fprintf(stderr, "Set timeout\n");
return;
  } else if (rc != MEMCACHED_SUCCESS) {
fprintf(stderr, "Set failed: %s\n", memcached_strerror(cache, rc));
return;
  }

  r_value = memcached_get(cache, key, strlen(key), _length, _flags, 
);
  if (rc == MEMCACHED_TIMEOUT) {
fprintf(stderr, "Get timeout\n");
return;
  } else if (rc != MEMCACHED_SUCCESS) {
fprintf(stderr, "Get failed: %s\n", memcached_strerror(cache, rc));
return;
  }

  if (strcmp(value, r_value) != 0) {
fprintf(stderr, "Get returned bad value! (%s != %s)!\n", value, 
r_value);
  }

  if (r_flags != flags) {
fprintf(stderr, "Get returned bad flags! (%u != %u)!\n", flags, 
r_flags);
  }

  fprintf(stdout, "Get/Set success!\n");
}

// connect with SASL.
void authTest(const char* user, const char* pass, const char* server)
{
  memcached_server_st *servers = NULL;
  memcached_return_t rc;
  memcached_st *cache;

  cache = memcached_create(NULL);

  rc = memcached_set_sasl_auth_data(cache, user, pass);
  if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't setup SASL auth: %s\n", 
memcached_strerror(cache, rc));

  rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_BINARY_PROTOCOL, 1);
  if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't use the binary protocol: %s\n", 
memcached_strerror(cache, rc));

  rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_CONNECT_TIMEOUT, 
1);
  if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't set the connect timeout: %s\n", 
memcached_strerror(cache, rc));

  servers = memcached_server_list_append(servers, "localhost", 11211, );
  rc = memcached_server_push(cache, servers);

  if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't add server: %s\n", memcached_strerror(cache, 
rc));
  
  test_getset(cache);

  memcached_free(cache);
}

// start program.
int main(int argv, char *args[])
{
  if (argv != 4) {
fprintf(stderr, "ERROR: usage => %s [username] [password] [server]\n", 
args[0]);
return 1;
  }
  
  authTest(args[1], args[2], args[3]);
  return 0;
}


Now when I run the memcached server using:

memcached -S -vv

and then try to run my client, I get the following error on the server:


OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from: 

Initialized SASL.
mech:  ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code:  -4
Unknown sasl response:  -4



On the client side, I see the following:

OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE
OKALE-M-33H5:mycode okale$



I have added my username, password in a file called memcached-sasl-pwdb 
which is located at 
/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb


OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb
ok:hello



My memcached.conf located at 
/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and 
contains: 


OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
mech_list: plain


I have a couple of questions:
1. How can the memcached server on start up know the configured users and 
the username:password details. (Does it read it from memcached-sasl-pwdb? 
If yes, how do I configure it/point to it?)
2. What's the use of the memcached.conf file in the "Reading configuration 
from: 
" in 
the output. I am presuming this read will tell the memcached server the 
username:password details. If yes, what should be the location of this file
3. Do I need to install/point to any additional ssl libraries during server 
bring up?

Please refer attachment for the verbose memcached server log.

Help will be much appreciated.

Thanks and Regards,
Om Kale

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


memcachedserververbose.rtf
Description: RTF file