Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Okcouple of follow up questions on the same: 1. Inorder to enable/set up stunnel on memcached server, I need to create certificates using openssl. How do I execute the openssl certificate generation on memcached server? Also, after this how could I distribute this to client? 2. Additionally, when you say 'you can modify libmemcached to use OpenSSL directly', you mean setting up the socket connections in client to support SSL/TLS, corect? Thanks and Regards, Om Kale On Mon, May 7, 2018 at 1:11 PM, dormando <dorma...@rydia.net> wrote: > hmm. I guess so... > > re: stunnel, as I detailed you still have to get the client (libmemcached) > to talk over TLS. For the server, no change. > > For the client, you could prototype by having stunnel local to the client > and connect through that. so you have stunnel talking to stunnel. If > that's not something you can deploy for clients, you can modify > libmemcached to use OpenSSL directly, which should be easier than > modifying the server. > > On Mon, 7 May 2018, Om Kale wrote: > > > The problem with libsasl2 was regarding license. Also, I am unsure if > libsasl2 will give me an ability to perform some sort of certificate based > > authentication.One more question I had was, would the use of stunnel > need any code change with memached codebase? > > > > Thanks and Regards,Om Kale > > > > > > On Mon, May 7, 2018 at 12:40 PM, dormando <dorma...@rydia.net> wrote: > > Hey, > > > > Just to be clear: I'm completely positive you can make this work > with just > > the libsasl2 that comes with openwrt, you don't need to rebuild > it. the > > problem is you can't use sasl over an untrusted network: SASL is > supposed > > to be used underneath TLS or a trusted network. > > > > Either way, try stunnel. that might just make your life easier in > both > > directions, it's fairly simple. > > > > On Mon, 7 May 2018, Om Kale wrote: > > > > > Hi Dormando and Trond,I think I will first try Dormando's > suggestion of stunnel before delving into changing the memcached code > itself. I > > haven't read > > > much about stunnel, so will need to look into it in some detail. > > > Again, thanks a lot for the support. It would have been very > good if I could have used sasl (using libsasl2) directly but because of the > > GPLV3 license > > > requirements that is a problem. > > > I will keep you updated with my progress. > > > > > > > > > Thanks and Regards,Om Kale > > > > > > On Sat, May 5, 2018 at 4:53 PM, dormando <dorma...@rydia.net> > wrote: > > > > On Fri, May 4, 2018 at 10:46 PM dormando < > dorma...@rydia.net> wrote: > > > > > > > > The closest would be SCRAM-SHA-256/512 mechanism, > but the RFC for that states "in combination with TLS" up front, and I'd be > > wary of > > > using it > > > > over the internet as well. > > > > > > > > > > > > If we ignore TLS for a second and just look at SCRAM it > is fairly easy to implement a minimalistic support for those mechanisms > > within > > > SASL. There is > > > > however one huge problem by using them in memcached > without doing major refactoring in the SASL support in memcached. By design > > SCRAM use a > > > hashing > > > > function with an iteration count, which should be set > high enough to burn enough CPU on both the client and the server to make > > brute force > > > attacks > > > > "impossible" (the RFC states that for SCRAM-SHA1 it > should be _at least 4096_). Given that the memcached runs the SASL > operations > > in the > > > _front end > > > > threads_, it would block all the clients bound to that > thread every time someone tries to authenticate. If there is clients > > connecting all > > > the time one > > > > could end up with all worker threads running PBKDF2 > hashing and all other operations timing out ;) > > > > > > > > In order to add support for SCRAM you would have to move > the hashing over to a separate thread, and there is not an infrastructure > > for such > > > th
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
The problem with libsasl2 was regarding license. Also, I am unsure if libsasl2 will give me an ability to perform some sort of certificate based authentication. One more question I had was, would the use of stunnel need any code change with memached codebase? Thanks and Regards, Om Kale On Mon, May 7, 2018 at 12:40 PM, dormando <dorma...@rydia.net> wrote: > Hey, > > Just to be clear: I'm completely positive you can make this work with just > the libsasl2 that comes with openwrt, you don't need to rebuild it. the > problem is you can't use sasl over an untrusted network: SASL is supposed > to be used underneath TLS or a trusted network. > > Either way, try stunnel. that might just make your life easier in both > directions, it's fairly simple. > > On Mon, 7 May 2018, Om Kale wrote: > > > Hi Dormando and Trond,I think I will first try Dormando's suggestion of > stunnel before delving into changing the memcached code itself. I haven't > read > > much about stunnel, so will need to look into it in some detail. > > Again, thanks a lot for the support. It would have been very good if I > could have used sasl (using libsasl2) directly but because of the GPLV3 > license > > requirements that is a problem. > > I will keep you updated with my progress. > > > > > > Thanks and Regards,Om Kale > > > > On Sat, May 5, 2018 at 4:53 PM, dormando <dorma...@rydia.net> wrote: > > > On Fri, May 4, 2018 at 10:46 PM dormando <dorma...@rydia.net> > wrote: > > > > > > The closest would be SCRAM-SHA-256/512 mechanism, but the > RFC for that states "in combination with TLS" up front, and I'd be wary of > > using it > > > over the internet as well. > > > > > > > > > If we ignore TLS for a second and just look at SCRAM it is > fairly easy to implement a minimalistic support for those mechanisms within > > SASL. There is > > > however one huge problem by using them in memcached without > doing major refactoring in the SASL support in memcached. By design SCRAM > use a > > hashing > > > function with an iteration count, which should be set high > enough to burn enough CPU on both the client and the server to make brute > force > > attacks > > > "impossible" (the RFC states that for SCRAM-SHA1 it should be > _at least 4096_). Given that the memcached runs the SASL operations in the > > _front end > > > threads_, it would block all the clients bound to that thread > every time someone tries to authenticate. If there is clients connecting all > > the time one > > > could end up with all worker threads running PBKDF2 hashing and > all other operations timing out ;) > > > > > > In order to add support for SCRAM you would have to move the > hashing over to a separate thread, and there is not an infrastructure for > such > > thing in the > > > current memcached implementation so it would be a lot of work ;) > > > > > > > There are actually mechanisms for passing connections to other > threads in > > the code now :) It's used in a few places. It's not incredibly > fast but > > connection rates typically aren't high enough to bother it. You'd > still > > burn out your CPU though... > > > > but, it's moot. if you don't trust your network you can't just use > SASL. > > :/ > > > > > Dormandos suggestion with stunnel (or ipsec) sounds like the > least amount of work, but if you _really_ don't want that (or you for some > > reason really > > > want to implement something yourself) you could look into > changing memcached to use libevents bufferevents instead of the "basic" > form it > > use today, and > > > then add support for using the SSL level on top of bufferevents. > I haven't tested this so I have no idea of the overhead of this and how it > > would affect > > > the overall performance. Unless all your clients want to use SSL > you probably want a dedicated port and thread pool serving these > > connections. It all > > > depends on the performance requirements you've got... > > > > I'm more concerned about the poor person ending up stuck with a > fork after > > weeks of work.. it's not exactly a straightforward change. I do > intend to > > add TLS support this year. Would help if someone sponsored the > work though > >
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando and Trond, I think I will first try Dormando's suggestion of stunnel before delving into changing the memcached code itself. I haven't read much about stunnel, so will need to look into it in some detail. Again, thanks a lot for the support. It would have been very good if I could have used sasl (using libsasl2) directly but because of the GPLV3 license requirements that is a problem. I will keep you updated with my progress. Thanks and Regards, Om Kale On Sat, May 5, 2018 at 4:53 PM, dormando <dorma...@rydia.net> wrote: > > On Fri, May 4, 2018 at 10:46 PM dormando <dorma...@rydia.net> wrote: > > > > The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for > that states "in combination with TLS" up front, and I'd be wary of using it > > over the internet as well. > > > > > > If we ignore TLS for a second and just look at SCRAM it is fairly easy > to implement a minimalistic support for those mechanisms within SASL. There > is > > however one huge problem by using them in memcached without doing major > refactoring in the SASL support in memcached. By design SCRAM use a hashing > > function with an iteration count, which should be set high enough to > burn enough CPU on both the client and the server to make brute force > attacks > > "impossible" (the RFC states that for SCRAM-SHA1 it should be _at least > 4096_). Given that the memcached runs the SASL operations in the _front end > > threads_, it would block all the clients bound to that thread every time > someone tries to authenticate. If there is clients connecting all the time > one > > could end up with all worker threads running PBKDF2 hashing and all > other operations timing out ;) > > > > In order to add support for SCRAM you would have to move the hashing > over to a separate thread, and there is not an infrastructure for such > thing in the > > current memcached implementation so it would be a lot of work ;) > > > > There are actually mechanisms for passing connections to other threads in > the code now :) It's used in a few places. It's not incredibly fast but > connection rates typically aren't high enough to bother it. You'd still > burn out your CPU though... > > but, it's moot. if you don't trust your network you can't just use SASL. > :/ > > > Dormandos suggestion with stunnel (or ipsec) sounds like the least > amount of work, but if you _really_ don't want that (or you for some reason > really > > want to implement something yourself) you could look into changing > memcached to use libevents bufferevents instead of the "basic" form it use > today, and > > then add support for using the SSL level on top of bufferevents. I > haven't tested this so I have no idea of the overhead of this and how it > would affect > > the overall performance. Unless all your clients want to use SSL you > probably want a dedicated port and thread pool serving these connections. > It all > > depends on the performance requirements you've got... > > I'm more concerned about the poor person ending up stuck with a fork after > weeks of work.. it's not exactly a straightforward change. I do intend to > add TLS support this year. Would help if someone sponsored the work though > :P > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to memcached+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hey Dormando, I have figured the stunnel approach and it works. So AUTH is figured out. Thanks for the guidance. Now. I have one more question about encryption. SASL requires binary protocol to be enabled. However, if I use binary protocol, the set encyption key function by libmemcached fails: void memcached_set_encoding_key(memcached_st <http://docs.libmemcached.org/memcached_create.html#memcached_st>* *ptr*, const char* *string*, const size_t <http://docs.libmemcached.org/types.html#size_t>* string_length*)¶ <http://docs.libmemcached.org/libmemcached-1.0/memcached_set_encoding_key.html#memcached_set_encoding_key> When I use the above with binary protocol, the value set using memcached set and received with memcached get do not match. Is there a specific reason why only binary protocol can be used for sasl auth in memcached? Thanks and Regards, Om Kale On Mon, May 7, 2018 at 5:17 PM, dormando <dorma...@rydia.net> wrote: > On Mon, 7 May 2018, Om Kale wrote: > > > Okcouple of follow up questions on the same:1. Inorder to enable/set > up stunnel on memcached server, I need to create certificates using > openssl. How > > do I execute the openssl certificate generation on memcached server? > Also, after this how could I distribute this to client? > > There are lots of guides online about how to manage certificates; that is > beyond the scope of this mailing list. I will give you a hint though: that > you don't need to generate the certificates from any particular place. > > > 2. Additionally, when you say 'you can modify libmemcached to use > OpenSSL directly', you mean setting up the socket connections in client to > support > > SSL/TLS, corect? > > Yes. > > > > > Thanks and Regards,Om Kale > > > > > > On Mon, May 7, 2018 at 1:11 PM, dormando <dorma...@rydia.net> wrote: > > hmm. I guess so... > > > > re: stunnel, as I detailed you still have to get the client > (libmemcached) > > to talk over TLS. For the server, no change. > > > > For the client, you could prototype by having stunnel local to the > client > > and connect through that. so you have stunnel talking to stunnel. > If > > that's not something you can deploy for clients, you can modify > > libmemcached to use OpenSSL directly, which should be easier than > > modifying the server. > > > > On Mon, 7 May 2018, Om Kale wrote: > > > > > The problem with libsasl2 was regarding license. Also, I am > unsure if libsasl2 will give me an ability to perform some sort of > certificate > > based > > > authentication.One more question I had was, would the use of > stunnel need any code change with memached codebase? > > > > > > Thanks and Regards,Om Kale > > > > > > > > > On Mon, May 7, 2018 at 12:40 PM, dormando <dorma...@rydia.net> > wrote: > > > Hey, > > > > > > Just to be clear: I'm completely positive you can make > this work with just > > > the libsasl2 that comes with openwrt, you don't need to > rebuild it. the > > > problem is you can't use sasl over an untrusted network: > SASL is supposed > > > to be used underneath TLS or a trusted network. > > > > > > Either way, try stunnel. that might just make your life > easier in both > > > directions, it's fairly simple. > > > > > > On Mon, 7 May 2018, Om Kale wrote: > > > > > > > Hi Dormando and Trond,I think I will first try > Dormando's suggestion of stunnel before delving into changing the memcached > code > > itself. I > > > haven't read > > > > much about stunnel, so will need to look into it in some > detail. > > > > Again, thanks a lot for the support. It would have been > very good if I could have used sasl (using libsasl2) directly but because > > of the > > > GPLV3 license > > > > requirements that is a problem. > > > > I will keep you updated with my progress. > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > On Sat, May 5, 2018 at 4:53 PM, dormando < > dorma...@rydia.net> wrote: > > > > > On Fri, May 4, 2018 at 10:46 PM dormando < > dorma...@rydia
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, Hope your doing well and thanks for all the help you have been providing. One quick question on using other SASL mechanisms like DIGEST-MD5, CRAM-MD5. Apart from adding them to the memcached.conf under mech_list, is there other chages needed on client side code/ memcached-sasl-pwdb to support these other mechanisms. Currently I have just made the change in the memcached.conf file as follows (just a change in the mech_list): mech_list: DIGEST-MD5 log_level: 5 sasldb_path: /home/cisco/sasl/memcached-sasl-pwdb It gives me following errors on server side: <28 new binary client connection. <28 Read binary protocol data: <280x80 0x20 0x00 0x00 <280x00 0x00 0x00 0x00 <280x00 0x00 0x00 0x00 <280x00 0x02 0x00 0x00 <280x00 0x00 0x00 0x00 <280x00 0x00 0x00 0x00 authenticated() in cmd 0x20 is true >28 Writing bin response: >28 0x81 0x20 0x00 0x00 >28 0x00 0x00 0x00 0x00 >28 0x00 0x00 0x00 0x0a >28 0x00 0x02 0x00 0x00 >28 0x00 0x00 0x00 0x00 >28 0x00 0x00 0x00 0x00 <28 Read binary protocol data: <280x80 0x21 0x00 0x0a <280x00 0x00 0x00 0x00 <280x00 0x00 0x00 0x0a <280x00 0x02 0x00 0x00 <280x00 0x00 0x00 0x00 <280x00 0x00 0x00 0x00 authenticated() in cmd 0x21 is true mech: ``DIGEST-MD5'' with 0 bytes of data SASL (severity 5): DIGEST-MD5 server step 1 sasl result code: 1 >28 Writing bin response: >28 0x81 0x21 0x00 0x00 >28 0x00 0x00 0x00 0x21 >28 0x00 0x00 0x00 0x7b >28 0x00 0x02 0x00 0x00 >28 0x00 0x00 0x00 0x00 >28 0x00 0x00 0x00 0x00 <28 connection closed. SASL (severity 5): DIGEST-MD5 common mech dispose Thanks and Regards, Om Kale On Tue, Apr 17, 2018 at 7:25 PM, Om Kale <omkal...@gmail.com> wrote: > Hi Dormando, > Don't worry about it. I figured it out. I had to make some changes in the > cyrus-sasl config files and re-configure and then make memcached again. > Also had to re-configure libmemcached with --enable-sasl option. > Looking forward to your token based implementation. > > Regards, > Om Kale > On Tue, Apr 17, 2018, 7:04 PM dormando <dorma...@rydia.net> wrote: > >> Ah, I think you're stuck with SASL then. >> >> If I try to help you further I'll just be googling cyrus stuff and reading >> its source code; it's not really something I can help you with, sorry :( >> >> On Tue, 17 Apr 2018, Om Kale wrote: >> >> > Unique to the client. >> > >> > Thanks and Regards, >> > Om Kale >> > >> > On Tue, Apr 17, 2018 at 3:41 PM, dormando <dorma...@rydia.net> wrote: >> > Are you saying the tokens need to be unique to each client, or >> can they >> > all share a single token? >> > >> > On Tue, 17 Apr 2018, Om Kale wrote: >> > >> > > So my wireless application needs authentication support before >> a trusted client can do a get/set. >> > > As long as I can do this, the underlying mechanism is not that >> critical. The token proposol can also work but again there should be a >> > mechanism where >> > > server authenticates for the clients and the number of clients >> can be pretty large. >> > > >> > > Thanks and Regards,Om Kale >> > > >> > > >> > > On Tue, Apr 17, 2018 at 3:25 PM, dormando <dorma...@rydia.net> >> wrote: >> > > Also, I should ask again; do you need SASL in specific or >> would something >> > > like my authentication token proposal from a week ago >> work? >> > > >> > > On Tue, 17 Apr 2018, dormando wrote: >> > > >> > > > "failed to list sasl mechanisms" is beyond my knowledge >> :/ you might not >> > > > have config files for cyrus sasl. you should search >> their >> > > > knowledgebases/mails/etc. >> > > > >> > > > On Tue, 17 Apr 2018, Om Kale wrote: >> > > > >> > > > > Sorry about that it was a typo in the email: >> > > > > >> > > > > :~/sasl$ cat memcached.conf >> > > > > mech_list: plain >> > > > > log_level: 5 >> > > > > sasldb_path: /home/okale/sasl/memcached-sasl-pwdb >> > > > > >> > > > > >> > > > > :~/sasl$ pwd >> > > > > /home/o
Getting hostnames of servers where a particular key is stored when ketama hashing and replication is enabled
Hi All, I have enabled replication (using --NUMBER_OF_REPLICAS) and ketama hashing. This means, I will have replicas of keys stored on different servers memntioned in my server list. My question is, is there any way of retrieving the list of servers where replicas of a particular key lie, in libmemcached? Example: If I give a key, I need all the servers where replicas of that key are stored. For getting one server where key is stored, I use this: const struct memcached_instance_st *server; server = const memcached_instance_st * memcached_server_by_key(memcached_st <http://docs.libmemcached.org/memcached_create.html#memcached_st>* *ptr*, const char* *key*, size_t <http://docs.libmemcached.org/types.html#size_t> * key_length*, memcached_return_t <http://docs.libmemcached.org/libmemcached/memcached_return_t.html#memcached_return_t> * *error*); However, I am unable to print the hostname from the returned structure using server->hostnamein a .c file. Can this info not be printed?Thanks and Regards, Om Kale -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Getting hostnames of servers where a particular key is stored when ketama hashing and replication is enabled
The reason I am trying to do this is for better debugging. In case something goes wrong in the system and I am unable to get the value stored for a particular key, I can go ahead and use this functionality to understand on which server that particular key is stored. Also, the second question about why the printing doesn't work. Is there any other way to check on which server a key is stored. Additionally, when you say brute force, how would I be able to do it on memcached server as I will not know on which server instance the key is stored. Could you please elaborate on this? Thanks and Regards, Om Kale On Thu, Aug 2, 2018 at 4:27 PM, dormando wrote: > Why are you trying to do this? That's generally a bad sign, the > replication is for redundancy. if you're just trying to confirm it works, > you can do a brute force search for the key > > On Thu, 2 Aug 2018, Om Kale wrote: > > > Hi All,I have enabled replication (using --NUMBER_OF_REPLICAS) and > ketama hashing. > > This means, I will have replicas of keys stored on different servers > memntioned in my server list. > > > > My question is, is there any way of retrieving the list of servers where > replicas of a particular key lie, in libmemcached? > > Example: If I give a key, I need all the servers where replicas of that > key are stored. > > > > For getting one server where key is stored, I use this: > > const struct memcached_instance_st *server;server = const > memcached_instance_st * memcached_server_by_key(memcached_st *ptr, const > > char *key, size_t key_length, memcached_return_t *error); > > > > > > However, I am unable to print the hostname from the returned structure > using server->hostname > > > > in a .c file. Can this info not be printed? > > > > Thanks and Regards, > > > > Om Kale > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "memcached" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to memcached+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to memcached+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Getting hostnames of servers where a particular key is stored when ketama hashing and replication is enabled
Yes. I do. Oh..ok. You are saying to do it the other way around, instead of passing a key and checking which server it belongs to, query every server in the list for a given key? I could that..not very optimal..but a workaround. Why I needed a way to get a server list where a particular key belongs to, it will be easy to check the state as well during run time. So whenever, some value fetch would give me an error, I could quickly use the key to get the servers its stored on and go on from there. Thanks and Regards, Om Kale On Thu, Aug 2, 2018 at 4:43 PM, dormando wrote: > You have the list of all servers right? Just query them individually? if > it's just for debugging it should take you a few minutes to code soemthing > yup; you could even use a bash script. > > On Thu, 2 Aug 2018, Om Kale wrote: > > > The reason I am trying to do this is for better debugging. In case > something goes wrong in the system and I am unable to get the value stored > for a > > particular key, I can go ahead and use this functionality to understand > on which server that particular key is stored. > > Also, the second question about why the printing doesn't work. Is there > any other way to check on which server a key is stored. > > Additionally, when you say brute force, how would I be able to do it on > memcached server as I will not know on which server instance the key is > stored. > > Could you please elaborate on this? > > > > Thanks and Regards,Om Kale > > > > On Thu, Aug 2, 2018 at 4:27 PM, dormando wrote: > > Why are you trying to do this? That's generally a bad sign, the > > replication is for redundancy. if you're just trying to confirm it > works, > > you can do a brute force search for the key > > > > On Thu, 2 Aug 2018, Om Kale wrote: > > > > > Hi All,I have enabled replication (using --NUMBER_OF_REPLICAS) > and ketama hashing. > > > This means, I will have replicas of keys stored on different > servers memntioned in my server list. > > > > > > My question is, is there any way of retrieving the list of > servers where replicas of a particular key lie, in libmemcached? > > > Example: If I give a key, I need all the servers where replicas > of that key are stored. > > > > > > For getting one server where key is stored, I use this: > > > const struct memcached_instance_st *server;server = const > memcached_instance_st * memcached_server_by_key(memcached_st *ptr, const > > > char *key, size_t key_length, memcached_return_t *error); > > > > > > > > > However, I am unable to print the hostname from the returned > structure using server->hostname > > > > > > in a .c file. Can this info not be printed? > > > > > > Thanks and Regards, > > > > > > Om Kale > > > > > > > > > > > > -- > > > > > > --- > > > You received this message because you are subscribed to the Google > Groups "memcached" group. > > > To unsubscribe from this group and stop receiving emails from it, send > an email to memcached+unsubscr...@googlegroups.com. > > > For more options, visit https://groups.google.com/d/optout. > > > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "memcached" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to memcached+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "memcached" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to memcached+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to memcached+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Regarding getting a list of servers where a particular key is stored when ketama hashing and relication is turned on
Hi All, I have sorted the initial problems I had with encryption and SASL auth in memcached and things work seamlessly. I also fixed an existing issue in libmemcached where set_encryption key was failing when we used binary protocol. Thanks for the support. Now, I have enabled replication (using --NUMBER_OF_REPLICAS) and ketama hashing. This means, I will have replicas of keys stored on different servers memntioned in my server list. My question is, is there any way of retrieving the list of servers where replicas of a particular key lie, in libmemcached? Example: If I give a key, I need all the servers where replicas of that key are stored. Thanks and Regards, Om Ajit Kale Master of Science in Electrical and Computer Engineering Georgia Institute of Technology -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Getting hostnames of servers where a particular key is stored when ketama hashing and replication is enabled
Hey,
Additionally, I see no example usage of the memcached_server_by_key API to
get the server where a key is stored.
When I try to print out the value contained in it in my c code, I get
dereferencing error:
memcached_return_t rc2;
memcached_instance_st* r_server;
r_server = memcached_server_by_key(cache, key, (size_t) strlen(key),
);
printf("%s \n", r_server->hostname());
This is the error:
testsasl.c:67:28: error: dereferencing pointer to incomplete type
‘memcached_instance_st {aka struct memcached_instance_st}’
printf("%s \n", r_server->hostname());
^
Also, I observe that the common.h file does not get added in the usual
compilation path under /usr/include/lib/
Any help with this will be highly appreciated. Would I need to change
libmemcached code to view this?
Thanks and Regards,
Om Kale
On Thu, Aug 2, 2018 at 7:15 PM, Om Kale wrote:
> Also, one more problem with the script approach, I would have to maintain
> a separate connection to all memcached servers in the list.
> How would I query them individually all the time when server list changes?
>
>
> Thanks and Regards,
> Om Kale
>
>
> On Thu, Aug 2, 2018 at 5:21 PM, Om Kale wrote:
>
>> Yes. I do.
>> Oh..ok. You are saying to do it the other way around, instead of passing
>> a key and checking which server it belongs to, query every server in the
>> list for a given key? I could that..not very optimal..but a workaround.
>> Why I needed a way to get a server list where a particular key belongs
>> to, it will be easy to check the state as well during run time. So
>> whenever, some value fetch would give me an error, I could quickly use the
>> key to get the servers its stored on and go on from there.
>>
>> Thanks and Regards,
>> Om Kale
>>
>> On Thu, Aug 2, 2018 at 4:43 PM, dormando wrote:
>>
>>> You have the list of all servers right? Just query them individually? if
>>> it's just for debugging it should take you a few minutes to code
>>> soemthing
>>> yup; you could even use a bash script.
>>>
>>> On Thu, 2 Aug 2018, Om Kale wrote:
>>>
>>> > The reason I am trying to do this is for better debugging. In case
>>> something goes wrong in the system and I am unable to get the value stored
>>> for a
>>> > particular key, I can go ahead and use this functionality to
>>> understand on which server that particular key is stored.
>>> > Also, the second question about why the printing doesn't work. Is
>>> there any other way to check on which server a key is stored.
>>> > Additionally, when you say brute force, how would I be able to do it
>>> on memcached server as I will not know on which server instance the key is
>>> stored.
>>> > Could you please elaborate on this?
>>> >
>>> > Thanks and Regards,Om Kale
>>> >
>>> > On Thu, Aug 2, 2018 at 4:27 PM, dormando wrote:
>>> > Why are you trying to do this? That's generally a bad sign, the
>>> > replication is for redundancy. if you're just trying to confirm
>>> it works,
>>> > you can do a brute force search for the key
>>> >
>>> > On Thu, 2 Aug 2018, Om Kale wrote:
>>> >
>>> > > Hi All,I have enabled replication (using --NUMBER_OF_REPLICAS)
>>> and ketama hashing.
>>> > > This means, I will have replicas of keys stored on different
>>> servers memntioned in my server list.
>>> > >
>>> > > My question is, is there any way of retrieving the list of
>>> servers where replicas of a particular key lie, in libmemcached?
>>> > > Example: If I give a key, I need all the servers where
>>> replicas of that key are stored.
>>> > >
>>> > > For getting one server where key is stored, I use this:
>>> > > const struct memcached_instance_st *server;server = const
>>> memcached_instance_st * memcached_server_by_key(memcached_st *ptr, const
>>> > > char *key, size_t key_length, memcached_return_t *error);
>>> > >
>>> > >
>>> > > However, I am unable to print the hostname from the returned
>>> structure using server->hostname
>>> > >
>>> > > in a .c file. Can this info not be printed?
>>> > >
>>> > > Thanks and Regards,
>>> > >
>>> > > Om Kale
>>> > >
>&
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, Thanks for the quick reply. I used the environment variable you suggested before running the memcached server instance: MEMCACHED_SASL_PWDB="/Users/ okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb" I have added the following in my memcached.conf file (so basically tells plain text). I have openssl and openldap installed on my machine but haven't specified it any config or pointed to it in the code. > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf > mech_list: plain Now I run: ./memcached -S -v Followed by the client: OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost Set failed: AUTHENTICATION FAILURE But still get the same error as before on the memcached server: OKALE-M-33H5:memcached-1.5.7 okale$ export MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb" OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v Reading configuration from: Initialized SASL. mech: ``SRP'' with 15 bytes of data SASL (severity 2): no secret in database sasl result code: -4 Unknown sasl response: -4 You could refer to my attached client code above but I still don't understand why it says 'no secret in database'. Thanks and Regards, Om Kale On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote: > > > > On Fri, 6 Apr 2018, Om Kale wrote: > > > and then try to run my client, I get the following error on the server: > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > > Reading configuration from: > > > Initialized SASL. > > mech: ``SRP'' with 15 bytes of data > > SASL (severity 2): no secret in database > > sasl result code: -4 > > Unknown sasl response: -4 > > > > > > I have added my username, password in a file called memcached-sasl-pwdb > which is located at > > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb > > ok:hello > > > > > > > > My memcached.conf located at > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and > contains: > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf > > mech_list: plain > > > > > > I have a couple of questions: > > 1. How can the memcached server on start up know the configured users > and the username:password details. (Does it read it from > memcached-sasl-pwdb? If > > yes, how do I configure it/point to it?) > > I guess the wiki didn't get fully updated :( If you use PWDB, it's via > MEMCACHED_SASL_PWDB as an environment variable, so: > $ > MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb" > > > ./memcached -S -v > > > > 2. What's the use of the memcached.conf file in the "Reading > configuration from: > " > > Stating the supported mechanisms for sasl authentication (ie; the at-rest > state of the password data) > > > in the output. I am presuming this read will tell the memcached server > the username:password details. If yes, what should be the location of this > file > > 3. Do I need to install/point to any additional ssl libraries during > server bring up? > > Should be answered above. Hopefully that works for you -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi All,
I am new to memcached and have started working on it for the past couple
weeks.
*My use case is creating a SASL enabled client and successfully get/set
into memcache server using authentication.*
I have enabled SASL and enabled SASL-PWDB in the brew install itself:
brew install memcached --enable-sasl --enable-sasl-pwdb
I have written a simple memcached client using libmemcached which looks
like this: (Using: memcached_set_sasl_auth_data)
/*
* Test that libmemcached is built with SASL support.
*/
#include
#include
#include
const char* key = "abc";
const char* value = "value";
// test basic get/set operation works.
void test_getset(memcached_st* cache)
{
char* r_value;
uint32_t flags = 0;
uint32_t r_flags = 0;
size_t val_length;
memcached_return_t rc;
rc = memcached_set(cache, key, strlen(key), value, strlen(value),
(time_t)0, flags);
if (rc == MEMCACHED_TIMEOUT) {
fprintf(stderr, "Set timeout\n");
return;
} else if (rc != MEMCACHED_SUCCESS) {
fprintf(stderr, "Set failed: %s\n", memcached_strerror(cache, rc));
return;
}
r_value = memcached_get(cache, key, strlen(key), _length, _flags,
);
if (rc == MEMCACHED_TIMEOUT) {
fprintf(stderr, "Get timeout\n");
return;
} else if (rc != MEMCACHED_SUCCESS) {
fprintf(stderr, "Get failed: %s\n", memcached_strerror(cache, rc));
return;
}
if (strcmp(value, r_value) != 0) {
fprintf(stderr, "Get returned bad value! (%s != %s)!\n", value,
r_value);
}
if (r_flags != flags) {
fprintf(stderr, "Get returned bad flags! (%u != %u)!\n", flags,
r_flags);
}
fprintf(stdout, "Get/Set success!\n");
}
// connect with SASL.
void authTest(const char* user, const char* pass, const char* server)
{
memcached_server_st *servers = NULL;
memcached_return_t rc;
memcached_st *cache;
cache = memcached_create(NULL);
rc = memcached_set_sasl_auth_data(cache, user, pass);
if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't setup SASL auth: %s\n",
memcached_strerror(cache, rc));
rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_BINARY_PROTOCOL, 1);
if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't use the binary protocol: %s\n",
memcached_strerror(cache, rc));
rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_CONNECT_TIMEOUT,
1);
if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't set the connect timeout: %s\n",
memcached_strerror(cache, rc));
servers = memcached_server_list_append(servers, "localhost", 11211, );
rc = memcached_server_push(cache, servers);
if (rc != MEMCACHED_SUCCESS)
fprintf(stderr, "Couldn't add server: %s\n", memcached_strerror(cache,
rc));
test_getset(cache);
memcached_free(cache);
}
// start program.
int main(int argv, char *args[])
{
if (argv != 4) {
fprintf(stderr, "ERROR: usage => %s [username] [password] [server]\n",
args[0]);
return 1;
}
authTest(args[1], args[2], args[3]);
return 0;
}
Now when I run the memcached server using:
memcached -S -vv
and then try to run my client, I get the following error on the server:
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from:
Initialized SASL.
mech: ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code: -4
Unknown sasl response: -4
On the client side, I see the following:
OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE
OKALE-M-33H5:mycode okale$
I have added my username, password in a file called memcached-sasl-pwdb
which is located at
/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb
ok:hello
My memcached.conf located at
/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and
contains:
OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
mech_list: plain
I have a couple of questions:
1. How can the memcached server on start up know the configured users and
the username:password details. (Does it read it from memcached-sasl-pwdb?
If yes, how do I configure it/point to it?)
2. What's the use of the memcached.conf file in the "Reading configuration
from:
" in
the output. I am presuming this read will tell the memcached server the
username:password details. If yes, what should be the location of this file
3. Do I need to install/point to any additional ssl libraries during server
bring up?
Please refer attachment for the verbose memcached server log.
Help will be much appreciated.
Thanks and Regards,
Om Kale
--
---
You received this message because you are subscribed to the Google Groups
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
memcachedserververbose.rtf
Description: RTF file
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Yup, it will be really helpful if you could try and reproduce it. Yes...that's the thing I was wondering, 'no secret in database' means its able to reach the database, but unable to read/load the memcached-sasl-pwdb file. Additionally, I was wondering, if there is need to write additional code for some shared secret at client side or any other dependencies. Currently, I am directly using memcached_set_sasl_auth_data function in the client. Here are the steps to reproduce: 1. I installed the memcached server with the enable-sasl and enable-sasl-db. 2. Wrote a c client as attached in the email. 3. Created a file with the username:password entry named memcached-sasl-pwdb as shown before. 4. Created a memcached.conf with mech:plain 5. Ran the server using ./memcached -S -vv 6. Ran the client using ./testsasl username password localhost Couple more things to add: 1. I have followed the following wiki: https://github.com/memcached/memcached/wiki/SASLHowto 2. I haven't used this but added the user:pass in the memcached-sasl-pwdb file manually. saslpasswd2 -a memcached -c cacheuser 3. For the SASL library cyrus-sasl-plain, I have installed it, but havent used/pointed to it in code or on the server as I did not see steps for this. 4.I see its mentioned configure option --enable-sasl-pwdb is not working on the wiki, but saw that its there in one of the new PRs. https://github.com/memcached/memcached/issues/365 Let me know if you need any additional info from my side. Regards, Om Kale On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote: > > No secret in database means it thinks the pwdb is empty (or it can't > load/find the pwdb). > > I'm not sure why offhand.. I can try to reproduce it but won't have time > until later today. > > On Fri, 6 Apr 2018, Om Kale wrote: > > > Hi Dormando, > > Thanks for the quick reply. I used the environment variable you > suggested before running the memcached server instance: > > > MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb" > > > > > > I have added the following in my memcached.conf file (so basically tells > plain text). I have openssl and openldap installed on my machine but > haven't > > specified it any config or pointed to it in the code. > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf > > > mech_list: plain > > > > Now I run: > > ./memcached -S -v > > > > Followed by the client: > > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost > > Set failed: AUTHENTICATION FAILURE > > > > But still get the same error as before on the memcached server: > > OKALE-M-33H5:memcached-1.5.7 okale$ export > MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb" > > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > > Reading configuration from: > > > Initialized SASL. > > mech: ``SRP'' with 15 bytes of data > > SASL (severity 2): no secret in database > > sasl result code: -4 > > Unknown sasl response: -4 > > > > > > > > You could refer to my attached client code above but I still don't > understand why it says 'no secret in database'. > > > > > > > > Thanks and Regards, > > Om Kale > > > > > > > > > > > > On Friday, April 6, 2018 at 12:19:17 PM UTC-7, Dormando wrote: > > > > > > On Fri, 6 Apr 2018, Om Kale wrote: > > > > > and then try to run my client, I get the following error on the > server: > > > > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > > > Reading configuration from: > > > > Initialized SASL. > > > mech: ``SRP'' with 15 bytes of data > > > SASL (severity 2): no secret in database > > > sasl result code: -4 > > > Unknown sasl response: -4 > > > > > > > > > I have added my username, password in a file called > memcached-sasl-pwdb which is located at > > > > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb > > > > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached-sasl-pwdb > > > ok:hello > > > > > > > > > > > > My memcached.conf located at > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and > contains: > > > > > > > > > OKALE-
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hey Dormando, Ok. When I look at the 't/binary-sasl.t' and search for the section you mentioned, I see this: # Build the auth DB for testing. my $sasldb = '/tmp/test-memcached.sasldb'; unlink $sasldb; In the t/sasl/memcached.conf, I see the following: mech_list: plain cram-md5 log_level: 5 sasldb_path: /tmp/test-memcached.sasldb Now, let me know what I need to doa bit confused. Do I need to change any of the above or do I create test-memcached.sasldb under tmp on my machine, add a username:password to it and then run ./configure followed by make? Thanks and Regards, Om Kale On Fri, Apr 6, 2018 at 2:48 PM, dormando <dorma...@rydia.net> wrote: > Just for sanity's sake, if you look at: t/sasl/memcached.conf in the > tarball, and look at t/binary-sasl.t (look for the section starting with > "my $sasldb =", and build a passwd + configure the pwdb that way, does it > work? > > to reiterate; the test config file explicitly declares the path for the db > within memcached.conf, and then adds the passwords to it via the > saslpasswd tool. > > Would help rule things out anyway. thanks! > > On Fri, 6 Apr 2018, Om Kale wrote: > > > Yup, it will be really helpful if you could try and reproduce it. > > Yes...that's the thing I was wondering, 'no secret in database' means > its able to reach the database, but unable to read/load the > memcached-sasl-pwdb > > file. Additionally, I was wondering, if there is need to write > additional code for some shared secret at client side or any other > dependencies. > > Currently, I am directly using memcached_set_sasl_auth_data function in > the client. > > > > Here are the steps to reproduce: > > 1. I installed the memcached server with the enable-sasl and > enable-sasl-db. > > 2. Wrote a c client as attached in the email. > > 3. Created a file with the username:password entry named > memcached-sasl-pwdb as shown before. > > 4. Created a memcached.conf with mech:plain > > 5. Ran the server using ./memcached -S -vv > > 6. Ran the client using ./testsasl username password localhost > > > > Couple more things to add: > > 1. I have followed the following wiki: > > https://github.com/memcached/memcached/wiki/SASLHowto > > > > 2. I haven't used this but added the user:pass in the > memcached-sasl-pwdb file manually. > > > > saslpasswd2 -a memcached -c cacheuser > > 3. For the SASL library cyrus-sasl-plain, I have installed it, but > havent used/pointed to it in code or on the server as I did not see steps > for this. > > > > 4.I see its mentioned configure option --enable-sasl-pwdb is not working > on the wiki, but saw that its there in one of the new PRs. > > https://github.com/memcached/memcached/issues/365 > > > > > > Let me know if you need any additional info from my side. > > > > Regards, > > Om Kale > > > > > > > > On Friday, April 6, 2018 at 12:45:26 PM UTC-7, Dormando wrote: > > No secret in database means it thinks the pwdb is empty (or it > can't > > load/find the pwdb). > > > > I'm not sure why offhand.. I can try to reproduce it but won't > have time > > until later today. > > > > On Fri, 6 Apr 2018, Om Kale wrote: > > > > > Hi Dormando, > > > Thanks for the quick reply. I used the environment variable you > suggested before running the memcached server instance: > > > MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/ > memcached-1.5.7/memcached-sasl-pwdb" > > > > > > I have added the following in my memcached.conf file (so > basically tells plain text). I have openssl and openldap installed on my > machine > > but haven't > > > specified it any config or pointed to it in the code. > > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf > > > > mech_list: plain > > > > > > Now I run: > > > ./memcached -S -v > > > > > > Followed by the client: > > > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost > > > Set failed: AUTHENTICATION FAILURE > > > > > > But still get the same error as before on the memcached server: > > > OKALE-M-33H5:memcached-1.5.7 okale$ export > MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/ > memcached-1.5.7/memcached-sasl-pwdb" > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > > > Reading configuration from: Homebrew/memcached-1.5.7/memcached.conf> > >
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Got it. I see the line you mentioned in the test code.
I executed the following steps but still see same issue. (I ran ./configure
after the echo command)
Here are the steps:
OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a memcached
-c -p ok
OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
-rw-r--r-- 1 okale staff 116B Apr 6 15:28 memcached.conf
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
mech_list: plain
log_level: 5
sasldb_path:
/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from:
Initialized SASL.
mech: ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code: -4
Unknown sasl response: -4
Client side:
OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE
OKALE-M-33H5:mycode okale$
Is there a specific location where memcached.conf and the sasl db file:
memcached-sasl-pwdb, need to be put?
Thanks and Regards,
Om Kale
On Fri, Apr 6, 2018 at 3:54 PM, dormando <dorma...@rydia.net> wrote:
> Read the 30 lines around where I said, not just that line.
>
> though I guess it's just:
>
> system("echo testpass | $saslpasswd_path -a memcached -c -p testuser");
>
> so that means:
>
> echo "testpass" | saslpasswd2 -a memcached -c -p testuser
> if you run that from the same directory as your memcached.conf (or use -f
> to point to it?), it should create the file properly.
>
> I'm saying to use the tool instead of just putting the username/password
> into the file, and also using the sasldb_path: argument in memcached.conf
> to point to the sasldb, instead of the environment variable.
>
> On Fri, 6 Apr 2018, Om Kale wrote:
>
> > Hey Dormando,
> > Ok. When I look at the 't/binary-sasl.t' and search for the section you
> mentioned,
> > I see this:
> >
> > # Build the auth DB for testing.
> >
> > my $sasldb = '/tmp/test-memcached.sasldb';
> >
> > unlink $sasldb;
> >
> >
> > In the t/sasl/memcached.conf, I see the following:
> > mech_list: plain cram-md5
> > log_level: 5
> > sasldb_path: /tmp/test-memcached.sasldb
> >
> > Now, let me know what I need to doa bit confused.
> > Do I need to change any of the above or do I create
> test-memcached.sasldb under tmp on my machine, add a username:password to
> it and then run ./configure
> > followed by make?
> >
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 2:48 PM, dormando <dorma...@rydia.net> wrote:
> > Just for sanity's sake, if you look at: t/sasl/memcached.conf in
> the
> > tarball, and look at t/binary-sasl.t (look for the section
> starting with
> > "my $sasldb =", and build a passwd + configure the pwdb that way,
> does it
> > work?
> >
> > to reiterate; the test config file explicitly declares the path
> for the db
> > within memcached.conf, and then adds the passwords to it via the
> > saslpasswd tool.
> >
> > Would help rule things out anyway. thanks!
> >
> > On Fri, 6 Apr 2018, Om Kale wrote:
> >
> > > Yup, it will be really helpful if you could try and reproduce it.
> > > Yes...that's the thing I was wondering, 'no secret in database'
> means its able to reach the database, but unable to read/load the
> > memcached-sasl-pwdb
> > > file. Additionally, I was wondering, if there is need to write
> additional code for some shared secret at client side or any other
> > dependencies.
> > > Currently, I am directly using memcached_set_sasl_auth_data
> function in the client.
> > >
> > > Here are the steps to reproduce:
> > > 1. I installed the memcached server with the enable-sasl and
> enable-sasl-db.
> > > 2. Wrote a c client as attached in the email.
> > > 3. Created a file with the username:password entry named
> memcached-sasl-pwdb as shown before.
> > > 4. Created a memcached.conf with mech:plain
> > > 5. Ran the server using ./memcached -S -vv
> > > 6. Ran the client using ./testsasl username password localhost
> > >
> > > Couple more things to add:
> > > 1. I have followed the following wiki:
> > > https://github.com/memcac
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hey Dormando,
I do not see the memcached-sasl-pwdb created and the password added in it.
The steps are same as above.
Also, is there a specific location where memcached.conf and the sasl db
file: memcached-sasl-pwdb, need to be put?
I do not see the memcached-sasl-pwdb created automatically. Also the
memcached.conf is located at t/sasl/memcached.conf, do I need to make the
modification in this file to point to sasl db or can I create my own
memcached.conf at another location?
Thanks and Regards,
Om Kale
On Fri, Apr 6, 2018 at 5:53 PM, dormando <dorma...@rydia.net> wrote:
> Hey,
>
> Did the memcached-sasl-pwdb file get created and is there a line in it?
>
> On Fri, 6 Apr 2018, Om Kale wrote:
>
> > Got it. I see the line you mentioned in the test code.
> > I executed the following steps but still see same issue. (I ran
> ./configure after the echo command)
> >
> >
> > Here are the steps:
> >
> > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a
> memcached -c -p ok
> > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
> > -rw-r--r-- 1 okale staff 116B Apr 6 15:28 memcached.conf
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
> > mech_list: plain
> > log_level: 5
> > sasldb_path: /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> memcached-sasl-pwdb
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$
> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> > Reading configuration from: Homebrew/memcached-1.5.7/memcached.conf>
> > Initialized SASL.
> > mech: ``SRP'' with 15 bytes of data
> > SASL (severity 2): no secret in database
> > sasl result code: -4
> > Unknown sasl response: -4
> >
> >
> >
> > Client side:
> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
> > Set failed: AUTHENTICATION FAILURE
> > OKALE-M-33H5:mycode okale$
> >
> >
> >
> > Is there a specific location where memcached.conf and the sasl db file:
> memcached-sasl-pwdb, need to be put?
> >
> >
> >
> >
> > Thanks and Regards,Om Kale
> >
> >
> > On Fri, Apr 6, 2018 at 3:54 PM, dormando <dorma...@rydia.net> wrote:
> > Read the 30 lines around where I said, not just that line.
> >
> > though I guess it's just:
> >
> > system("echo testpass | $saslpasswd_path -a memcached -c -p
> testuser");
> >
> > so that means:
> >
> > echo "testpass" | saslpasswd2 -a memcached -c -p testuser
> > if you run that from the same directory as your memcached.conf (or
> use -f
> > to point to it?), it should create the file properly.
> >
> > I'm saying to use the tool instead of just putting the
> username/password
> > into the file, and also using the sasldb_path: argument in
> memcached.conf
> > to point to the sasldb, instead of the environment variable.
> >
> > On Fri, 6 Apr 2018, Om Kale wrote:
> >
> > > Hey Dormando,
> > > Ok. When I look at the 't/binary-sasl.t' and search for the
> section you mentioned,
> > > I see this:
> > >
> > > # Build the auth DB for testing.
> > >
> > > my $sasldb = '/tmp/test-memcached.sasldb';
> > >
> > > unlink $sasldb;
> > >
> > >
> > > In the t/sasl/memcached.conf, I see the following:
> > > mech_list: plain cram-md5
> > > log_level: 5
> > > sasldb_path: /tmp/test-memcached.sasldb
> > >
> > > Now, let me know what I need to doa bit confused.
> > > Do I need to change any of the above or do I create
> test-memcached.sasldb under tmp on my machine, add a username:password to
> it and then
> > run ./configure
> > > followed by make?
> > >
> > >
> > >
> > >
> > > Thanks and Regards,Om Kale
> > >
> > >
> > > On Fri, Apr 6, 2018 at 2:48 PM, dormando <dorma...@rydia.net>
> wrote:
> > > Just for sanity's sake, if you look at:
> t/sasl/memcached.conf in the
> > > tarball, and look at t/binary-sasl.t (look for the section
> starting with
> > > "my $sasldb =", and build a passwd + conf
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hey Dormando, Today I tried reinstalling memcached from scratch and followed the procedure in the wiki and the points you mentiibed however same issue of 'no secret in database' is still observed. In addition, did the following steps but still no success. https://stackoverflow.com/questions/12919032/can-i-set-username-and-password-on-memcached-like-mysql Thanks and Regards, Om Kale On Mon, Apr 9, 2018 at 11:58 PM, dormando <dorma...@rydia.net> wrote: > Sorry, ran out of time today. will try for earlier tomorrow > > On Mon, 9 Apr 2018, Om Kale wrote: > > > Hi Dormando,I was just curious to know whether you were able to > reproduce the above > > mentioned issue? > > > > Thanks and Regards,Om Kale > > > > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale <omkal...@gmail.com> wrote: > > Yes, that will be very helpful Dormando. I agree, might be missing > > something. > > The points where I think I might be going wrong are as follows: > > > > 1. The exact location and contents of memcached.conf and the sasl db > file - > > memcached-sasl-pwdb (and the interaction between the two). > > As per my understanding, SASL_CONF_PATH, tells the memcached server > where to read > > the file from and then the line sasldb_path in the conf file tells the > server > > where to get the sasl db file for username:password authentication. I > feel this > > linkage is not happening correctly in my case. > > > > 2. Is the sasl db file generated on its own when I run the server? If > yes, do we > > need to add command line parameters while running the memcached server > for this to > > happen. (FYI: I have configured --enable-sasl-pwdb while running > configure) > > > > The main problem I am facing right now is memcached-sasl-pwdb is not > getting > > created and populated on its own. > > Please do let me know the outcome once you try to reproduce it. I am > cuurently > > using MAC-OS high Sierra. > > > > Thanks and Regards,Om Kale > > > > > > On Mon, Apr 9, 2018 at 12:28 PM, dormando <dorma...@rydia.net> wrote: > > Hey, > > > > I'll try to reproduce this today. I have a feeling you're skipping > > some > > steps but it's definitely a confusing process... > > > > On Mon, 9 Apr 2018, Om Kale wrote: > > > > > Currently my set up is as follows: > > > 1. My memcached.conf exists at > > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ > > > 2. The memcached server on starting reads from this file as > shown in > > the log: > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > > > Reading configuration from: > > > > > > Initialized SASL. > > > 3. The contents of the memcached.conf are: > > > mech_list: plain > > > log_level: 5 > > > sasldb_path: > > > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb > > > 4. The memcached-sasl-pwdb is located > > at /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ and has > the > > line: > > > (I am adding this line manually as the command 'echo "testpass" | > > saslpasswd2 -a memcached -c -p testuser' is not creating the file > and > > adding the > > > content in it) > > > ok:hello > > > > > > However, I still see same error on server side: > > > mech: ``SRP'' with 15 bytes of data > > > SASL (severity 2): no secret in database > > > sasl result code: -4 > > > Unknown sasl response: -4 > > > > > > Also on client side, I still see: > > > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost > > > Set failed: AUTHENTICATION FAILURE > > > > > > > > > One more question is: > > > Is there any additional info to be provided while starting the > > memcached server itself? > > > > > > Thanks and Regards,Om Kale > > > > > > > > > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale <omkal...@gmail.com> wrote: > > > Hey Dormando, > > > I do not see the memcached-sasl-pwdb created and the password added in > it. > > > The steps are same as above. > > > Also, is there a specific location where memcached.conf and the sasl db > > file: memcached-sasl-pwdb, need to be put? > > > I do not see the memcached-sasl
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, Thanks for the update. I will try this out now. But before this I had one more quick question. Did you create the sasl folder and memcached.conf manually inside /home/dormando/ ? Thanks and Regards, Om Kale On Tue, Apr 10, 2018 at 3:38 PM, dormando <dorma...@rydia.net> wrote: > Hey, > > Was able to authenticate with your tool: > > $ pwd > /home/dormando/sasl > $ cat memcached.conf > mech_list: plain > log_level: 5 > sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb > $ echo testpass | saslpasswd2 -f > /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p testuser > $ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v > INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd database disabled > Initialized SASL. > $ ./testsasl testuser testpass 127.0.0.1 > Get/Set success! > > Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it create the > entry for you. Your manual passwd DB isn't valid. > > Without the -f the tool was exiting with "Generic failure" (should've > asked you what the exit code was earlier, sorry). Strace'ing it showed it > was trying to open /etc/sasl and write a new file, but I wasn't running as > root. > > On Tue, 10 Apr 2018, Om Kale wrote: > > > Hey Dormando, > > Today I tried reinstalling memcached from scratch and followed the > procedure in the wiki > > and the points you mentiibed however same issue of 'no secret in > database' is still > > observed. > > > > In addition, did the following steps but still no success. > > https://stackoverflow.com/questions/12919032/can-i-set- > username-and-password-on-memcach > > ed-like-mysql > > > > > > Thanks and Regards,Om Kale > > > > On Mon, Apr 9, 2018 at 11:58 PM, dormando <dorma...@rydia.net> wrote: > > Sorry, ran out of time today. will try for earlier tomorrow > > > > On Mon, 9 Apr 2018, Om Kale wrote: > > > > > Hi Dormando,I was just curious to know whether you were able to > reproduce > > the above > > > mentioned issue? > > > > > > Thanks and Regards,Om Kale > > > > > > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale <omkal...@gmail.com> > wrote: > > > Yes, that will be very helpful Dormando. I agree, might be > missing > > > something. > > > The points where I think I might be going wrong are as follows: > > > > > > 1. The exact location and contents of memcached.conf and the > sasl db file > > - > > > memcached-sasl-pwdb (and the interaction between the two). > > > As per my understanding, SASL_CONF_PATH, tells the memcached > server where > > to read > > > the file from and then the line sasldb_path in the conf file > tells the > > server > > > where to get the sasl db file for username:password > authentication. I feel > > this > > > linkage is not happening correctly in my case. > > > > > > 2. Is the sasl db file generated on its own when I run the > server? If yes, > > do we > > > need to add command line parameters while running the memcached > server for > > this to > > > happen. (FYI: I have configured --enable-sasl-pwdb while running > > configure) > > > > > > The main problem I am facing right now is memcached-sasl-pwdb is > not > > getting > > > created and populated on its own. > > > Please do let me know the outcome once you try to reproduce it. > I am > > cuurently > > > using MAC-OS high Sierra. > > > > > > Thanks and Regards,Om Kale > > > > > > > > > On Mon, Apr 9, 2018 at 12:28 PM, dormando <dorma...@rydia.net> > wrote: > > > Hey, > > > > > > I'll try to reproduce this today. I have a feeling you're > skipping > > > some > > > steps but it's definitely a confusing process... > > > > > > On Mon, 9 Apr 2018, Om Kale wrote: > > > > > > > Currently my set up is as follows: > > > > 1. My memcached.conf exists at > > > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ > > > > 2. The memcached server on starting reads from this file > as shown > > in >
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, Thanks for your guidance. Meanwhile, reading through the memcached email chain, I see someone else also observed something similar but there was no solution. The question is how do I create the memcahed-sasl-pwdb file and populate it with username and password as the saslpasswd2 doesnt seem to be doing it in this case. https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ Regards, Om Kale On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote: > > Yes, that is correct. But if this change is done, then the entry in > memcached.conf for sasldb_path should also change to sasldb_path: > /tmp/memcached-sasl-pwdb. > However, if this change is made still it fails. > > OKALE-M-33H5:sasl okale$ cat memcached.conf > mech_list: plain > log_level: 5 > sasldb_path: /tmp/memcached-sasl-pwdb > OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f > /tmp/memcached-sasl-pwdb -a memcached -c -p testuser > OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v > Reading configuration from: > Initialized SASL. > mech: ``PLAIN'' with 26 bytes of data > WARNING: Failed to open sasl database : No such > file or directory > SASL (severity 2): Password verification failed > sasl result code: -20 > Unknown sasl response: -20 > > > > The problem is the saslpasswd2 command is not creating the file in the > desired location. I am not able to see memcached-sasl-pwdb under /tmp folder > OKALE-M-33H5:tmp okale$ ls -lrth > total 2920 > drwxrwxrwx3 root wheel96B Apr 4 14:42 boost_interprocess > drwx--3 okale wheel96B Apr 4 14:43 > com.apple.launchd.PJzhBv7YpC > drwx--3 okale wheel96B Apr 4 14:43 > com.apple.launchd.KfTcHnvIT3 > drwx--3 okale wheel96B Apr 4 14:43 > com.apple.launchd.ha1KS1S42u > drwx--4 okale wheel 128B Apr 6 15:44 > com.apple.installermg8f7zLr > -rw-r--r--1 root wheel 111B Apr 9 13:01 progress.log > drwx--2 okale wheel64B Apr 9 13:53 > KSDownloadAction.uWLwKCAAOF > drwx--2 okale wheel64B Apr 9 13:53 > KSOutOfProcessFetcher.3Esze3adI3 > -rw-r--r--1 root wheel 510B Apr 10 11:36 top.out > -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpk1EMzc > -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpmWzWeW > -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpzm2q3Y > -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpBo8m4d > -rw-rw-rw-@ 1 okale staff 1.0M Apr 10 16:12 > libevent-2.1.8-stable.tar.gz > drwxr-xr-x@ 165 okale wheel 5.2K Apr 10 16:19 libevent-2.1.8-stable > -rw-rw-rw-@ 1 okale staff 447K Apr 10 16:21 memcached-1.5.7.tar.gz > srwxr-xr-x1 okale wheel 0B Apr 10 17:25 SIP-Main > srwxr-xr-x 1 okale wheel 0B Apr 10 17:25 SIP-MsgQ > drwxr-xr-x@ 148 okale wheel 4.6K Apr 10 18:33 memcached-1.5.7 > OKALE-M-33H5:tmp okale$ > > Thanks and Regards, > Om Kale > > > On Tue, Apr 10, 2018 at 6:41 PM, dormando <dorma...@rydia.net> wrote: > > Change: > > $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a > memcached -c -p testuser > > To: > > $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a > memcached -c -p testuser > > SASL_CONF_PATH points to where memcached.conf is. memcached.conf points to > memcached-sasl-pwdb via the sasldb_path: line. > > On Tue, 10 Apr 2018, Om Kale wrote: > > > Hi Dormando, > > Thanks for the help. I tried the steps you mentioned but end up getting > similar error. However, the error is slightly different this time. > > Why is it still pointing to '/tmp/memcached-sasl-db' when the > SASL_CONF_PATH specifies the location of the db file. > > > > OKALE-M-33H5:sasl okale$ pwd > > /Users/okale/sasl > > OKALE-M-33H5:sasl okale$ cat memcached.conf > > mech_list: plain > > log_level: 5 > > sasldb_path: /Users/okale/sasl/memcached-sasl-pwdb > > OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f > /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser > > OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S > -v > > Reading configuration from: > > Initialized SASL. > > mech: ``PLAIN'' with 26 bytes of data > > WARNING: Failed to open sasl database : No such > file or directory > > SASL (severity 2): Password verification failed > > sasl result code: -20 > > Unknown sasl response: -20 > > ^CSignal handled: Interrupt: 2. > > OKALE-M-33H5:sasl okale$ > > OKALE-M-33H5:sasl okale$ > > OKALE-M-33H5:sasl okale$ > > > > > > On client side: > &
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, I finally figured it out the issue from the above thread itself. The small change in steps as shown below work on my MAC machine: OKALE-M-33H5:memcached-1.5.7 okale$ echo "testuser@OKALE-M-33H5:testpass" > /tmp/memcached-sasl-db OKALE-M-33H5:memcached-1.5.7 okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -v -S Reading configuration from: Initialized SASL. mech: ``PLAIN'' with 26 bytes of data sasl result code: 0 Client Side: OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1 Get/Set success! I observe two things here: 1. The saslpasswd2 doesn't create the memcached-sasl-db file for me, I instead used the echo command listed above. 2. Now memcached appends mylocalhost-mac name i.e. @OKALE-M-33H5 to the username when I run the client. (Not sure why this is the case) It would be great if you could guide me as to whether there is a specific reason to it and will I be able to perform the authentication without saving the username in this format in my sasl db file. Appreciate all the help! Thanks and Regards, Om Kale On Tue, Apr 10, 2018 at 10:07 PM, Om Kale <omkal...@gmail.com> wrote: > Hi Dormando, > Thanks for your guidance. Meanwhile, reading through the memcached email > chain, I see someone else also observed something similar but there was no > solution. The question is how do I create the memcahed-sasl-pwdb file and > populate it with username and password as the saslpasswd2 doesnt seem to be > doing it in this case. > > https://groups.google.com/d/msg/memcached/mtzcFVYahZo/ZGrX6i5FWsUJ > > > > Regards, > Om Kale > > > > > On Tuesday, April 10, 2018 at 7:07:58 PM UTC-7, Om Kale wrote: > >> Yes, that is correct. But if this change is done, then the entry in >> memcached.conf for sasldb_path should also change to sasldb_path: >> /tmp/memcached-sasl-pwdb. >> However, if this change is made still it fails. >> >> OKALE-M-33H5:sasl okale$ cat memcached.conf >> mech_list: plain >> log_level: 5 >> sasldb_path: /tmp/memcached-sasl-pwdb >> OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f >> /tmp/memcached-sasl-pwdb -a memcached -c -p testuser >> OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S >> -v >> Reading configuration from: >> Initialized SASL. >> mech: ``PLAIN'' with 26 bytes of data >> WARNING: Failed to open sasl database : No such >> file or directory >> SASL (severity 2): Password verification failed >> sasl result code: -20 >> Unknown sasl response: -20 >> >> >> >> The problem is the saslpasswd2 command is not creating the file in the >> desired location. I am not able to see memcached-sasl-pwdb under /tmp folder >> OKALE-M-33H5:tmp okale$ ls -lrth >> total 2920 >> drwxrwxrwx3 root wheel96B Apr 4 14:42 boost_interprocess >> drwx--3 okale wheel96B Apr 4 14:43 >> com.apple.launchd.PJzhBv7YpC >> drwx--3 okale wheel96B Apr 4 14:43 >> com.apple.launchd.KfTcHnvIT3 >> drwx--3 okale wheel96B Apr 4 14:43 >> com.apple.launchd.ha1KS1S42u >> drwx--4 okale wheel 128B Apr 6 15:44 >> com.apple.installermg8f7zLr >> -rw-r--r--1 root wheel 111B Apr 9 13:01 progress.log >> drwx--2 okale wheel64B Apr 9 13:53 >> KSDownloadAction.uWLwKCAAOF >> drwx--2 okale wheel64B Apr 9 13:53 >> KSOutOfProcessFetcher.3Esze3adI3 >> -rw-r--r--1 root wheel 510B Apr 10 11:36 top.out >> -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpk1EMzc >> -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpmWzWeW >> -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpzm2q3Y >> -rw-r--r--1 root wheel 0B Apr 10 12:02 adobesmuoutpBo8m4d >> -rw-rw-rw-@ 1 okale staff 1.0M Apr 10 16:12 >> libevent-2.1.8-stable.tar.gz >> drwxr-xr-x@ 165 okale wheel 5.2K Apr 10 16:19 libevent-2.1.8-stable >> -rw-rw-rw-@ 1 okale staff 447K Apr 10 16:21 memcached-1.5.7.tar.gz >> srwxr-xr-x1 okale wheel 0B Apr 10 17:25 SIP-Main >> srwxr-xr-x1 okale wheel 0B Apr 10 17:25 SIP-MsgQ >> drwxr-xr-x@ 148 okale wheel 4.6K Apr 10 18:33 memcached-1.5.7 >> OKALE-M-33H5:tmp okale$ >> >> Thanks and Regards, >> Om Kale >> >> >> On Tue, Apr 10, 2018 at 6:41 PM, dormando <dorma...@rydia.net> wrote: >> >> Change: >> >> $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a >> memcached -c -p testuser >> >> To: >> >> $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a >> memcached -c -p te
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Yes, that will be very helpful Dormando. I agree, might be missing something. The points where I think I might be going wrong are as follows: 1. The exact location and contents of memcached.conf and the sasl db file - memcached-sasl-pwdb (and the interaction between the two). As per my understanding, SASL_CONF_PATH, tells the memcached server where to read the file from and then the line sasldb_path in the conf file tells the server where to get the sasl db file for username:password authentication. I feel this linkage is not happening correctly in my case. 2. Is the sasl db file generated on its own when I run the server? If yes, do we need to add command line parameters while running the memcached server for this to happen. (FYI: I have configured --enable-sasl-pwdb while running configure) The main problem I am facing right now is memcached-sasl-pwdb is not getting created and populated on its own. Please do let me know the outcome once you try to reproduce it. I am cuurently using MAC-OS high Sierra. Thanks and Regards, Om Kale On Mon, Apr 9, 2018 at 12:28 PM, dormando <dorma...@rydia.net> wrote: > Hey, > > I'll try to reproduce this today. I have a feeling you're skipping some > steps but it's definitely a confusing process... > > On Mon, 9 Apr 2018, Om Kale wrote: > > > Currently my set up is as follows: > > 1. My memcached.conf exists at /Users/okale/Library/Caches/ > Homebrew/memcached-1.5.7/ > > 2. The memcached server on starting reads from this file as shown in the > log: > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > > Reading configuration from: Homebrew/memcached-1.5.7/memcached.conf> > > Initialized SASL. > > 3. The contents of the memcached.conf are: > > mech_list: plain > > log_level: 5 > > sasldb_path: /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ > memcached-sasl-pwdb > > 4. The memcached-sasl-pwdb is located at /Users/okale/Library/ > Caches/Homebrew/memcached-1.5.7/ and has the line: > > (I am adding this line manually as the command 'echo "testpass" | > saslpasswd2 -a memcached -c -p testuser' is not creating the file and > adding the > > content in it) > > ok:hello > > > > However, I still see same error on server side: > > mech: ``SRP'' with 15 bytes of data > > SASL (severity 2): no secret in database > > sasl result code: -4 > > Unknown sasl response: -4 > > > > Also on client side, I still see: > > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost > > Set failed: AUTHENTICATION FAILURE > > > > > > One more question is: > > Is there any additional info to be provided while starting the memcached > server itself? > > > > Thanks and Regards,Om Kale > > > > > > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale <omkal...@gmail.com> wrote: > > Hey Dormando, > > I do not see the memcached-sasl-pwdb created and the password added in > it. > > The steps are same as above. > > Also, is there a specific location where memcached.conf and the sasl db > file: memcached-sasl-pwdb, need to be put? > > I do not see the memcached-sasl-pwdb created automatically. Also the > memcached.conf is located at t/sasl/memcached.conf, do I need to make the > > modification in this file to point to sasl db or can I create my own > memcached.conf at another location? > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > On Fri, Apr 6, 2018 at 5:53 PM, dormando <dorma...@rydia.net> wrote: > > Hey, > > > > Did the memcached-sasl-pwdb file get created and is there a line > in it? > > > > On Fri, 6 Apr 2018, Om Kale wrote: > > > > > Got it. I see the line you mentioned in the test code. > > > I executed the following steps but still see same issue. (I ran > ./configure after the echo command) > > > > > > > > > Here are the steps: > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 > -a memcached -c -p ok > > > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i > 'memcached.conf' > > > -rw-r--r-- 1 okale staff 116B Apr 6 15:28 memcached.conf > > > OKALE-M-33H5:memcached-1.5.7 okale$ > > > OKALE-M-33H5:memcached-1.5.7 okale$ > > > OKALE-M-33H5:memcached-1.5.7 okale$ > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf > > > mech_list: plain > > > log_level: 5 > > > sasldb_path: /Users/okale/Library/Caches/ > Homebrew/memcached-1.5.7/memcached-sasl-pwdb > &
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, I was just curious to know whether you were able to reproduce the above mentioned issue? Thanks and Regards, Om Kale On Mon, Apr 9, 2018 at 12:53 PM, Om Kale <omkal...@gmail.com> wrote: > Yes, that will be very helpful Dormando. I agree, might be missing > something. > The points where I think I might be going wrong are as follows: > > 1. The exact location and contents of memcached.conf and the sasl db file > - memcached-sasl-pwdb (and the interaction between the two). > As per my understanding, SASL_CONF_PATH, tells the memcached server where > to read the file from and then the line sasldb_path in the conf file tells > the server where to get the sasl db file for username:password > authentication. I feel this linkage is not happening correctly in my case. > > 2. Is the sasl db file generated on its own when I run the server? If yes, > do we need to add command line parameters while running the memcached > server for this to happen. (FYI: I have configured --enable-sasl-pwdb while > running configure) > > The main problem I am facing right now is memcached-sasl-pwdb is not > getting created and populated on its own. > Please do let me know the outcome once you try to reproduce it. I am > cuurently using MAC-OS high Sierra. > > Thanks and Regards, > Om Kale > > > On Mon, Apr 9, 2018 at 12:28 PM, dormando <dorma...@rydia.net> wrote: > >> Hey, >> >> I'll try to reproduce this today. I have a feeling you're skipping some >> steps but it's definitely a confusing process... >> >> On Mon, 9 Apr 2018, Om Kale wrote: >> >> > Currently my set up is as follows: >> > 1. My memcached.conf exists at /Users/okale/Library/Caches/Ho >> mebrew/memcached-1.5.7/ >> > 2. The memcached server on starting reads from this file as shown in >> the log: >> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v >> > Reading configuration from: > omebrew/memcached-1.5.7/memcached.conf> >> > Initialized SASL. >> > 3. The contents of the memcached.conf are: >> > mech_list: plain >> > log_level: 5 >> > sasldb_path: /Users/okale/Library/Caches/Ho >> mebrew/memcached-1.5.7/memcached-sasl-pwdb >> > 4. The memcached-sasl-pwdb is located at >> > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ >> and has the line: >> > (I am adding this line manually as the command 'echo "testpass" | >> saslpasswd2 -a memcached -c -p testuser' is not creating the file and >> adding the >> > content in it) >> > ok:hello >> > >> > However, I still see same error on server side: >> > mech: ``SRP'' with 15 bytes of data >> > SASL (severity 2): no secret in database >> > sasl result code: -4 >> > Unknown sasl response: -4 >> > >> > Also on client side, I still see: >> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost >> > Set failed: AUTHENTICATION FAILURE >> > >> > >> > One more question is: >> > Is there any additional info to be provided while starting the >> memcached server itself? >> > >> > Thanks and Regards,Om Kale >> > >> > >> > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale <omkal...@gmail.com> wrote: >> > Hey Dormando, >> > I do not see the memcached-sasl-pwdb created and the password added in >> it. >> > The steps are same as above. >> > Also, is there a specific location where memcached.conf and the sasl db >> file: memcached-sasl-pwdb, need to be put? >> > I do not see the memcached-sasl-pwdb created automatically. Also the >> memcached.conf is located at t/sasl/memcached.conf, do I need to make the >> > modification in this file to point to sasl db or can I create my own >> memcached.conf at another location? >> > >> > >> > >> > >> > Thanks and Regards,Om Kale >> > >> > >> > On Fri, Apr 6, 2018 at 5:53 PM, dormando <dorma...@rydia.net> wrote: >> > Hey, >> > >> > Did the memcached-sasl-pwdb file get created and is there a line >> in it? >> > >> > On Fri, 6 Apr 2018, Om Kale wrote: >> > >> > > Got it. I see the line you mentioned in the test code. >> > > I executed the following steps but still see same issue. (I ran >> ./configure after the echo command) >> > > >> > > >> > > Here are the steps: >> > > >> > > OKALE-M-33H5:memcached-1.5.7 okale$ echo "
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Currently my set up is as follows:
1. My memcached.conf exists at /Users/okale/Library/Caches/
Homebrew/memcached-1.5.7/
2. The memcached server on starting reads from this file as shown in the
log:
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from:
Initialized SASL.
3. The contents of the memcached.conf are:
mech_list: plain
log_level: 5
sasldb_path: /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
memcached-sasl-pwdb
4. The memcached-sasl-pwdb is located at /Users/okale/Library/Caches/
Homebrew/memcached-1.5.7/ and has the line:
(I am adding this line manually as the command 'echo "testpass" |
saslpasswd2 -a memcached -c -p testuser' is not creating the file and
adding the content in it)
ok:hello
However, I still see same error on server side:
mech: ``SRP'' with 15 bytes of data
SASL (severity 2): no secret in database
sasl result code: -4
Unknown sasl response: -4
Also on client side, I still see:
OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
Set failed: AUTHENTICATION FAILURE
One more question is:
Is there any additional info to be provided while starting the memcached
server itself?
Thanks and Regards,
Om Kale
On Mon, Apr 9, 2018 at 10:35 AM, Om Kale <omkal...@gmail.com> wrote:
> Hey Dormando,
> I do not see the memcached-sasl-pwdb created and the password added in it.
> The steps are same as above.
> Also, is there a specific location where memcached.conf and the sasl db
> file: memcached-sasl-pwdb, need to be put?
> I do not see the memcached-sasl-pwdb created automatically. Also the
> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
> modification in this file to point to sasl db or can I create my own
> memcached.conf at another location?
>
>
>
>
> Thanks and Regards,
> Om Kale
>
>
> On Fri, Apr 6, 2018 at 5:53 PM, dormando <dorma...@rydia.net> wrote:
>
>> Hey,
>>
>> Did the memcached-sasl-pwdb file get created and is there a line in it?
>>
>> On Fri, 6 Apr 2018, Om Kale wrote:
>>
>> > Got it. I see the line you mentioned in the test code.
>> > I executed the following steps but still see same issue. (I ran
>> ./configure after the echo command)
>> >
>> >
>> > Here are the steps:
>> >
>> > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a
>> memcached -c -p ok
>> > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i 'memcached.conf'
>> > -rw-r--r-- 1 okale staff 116B Apr 6 15:28 memcached.conf
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>> > mech_list: plain
>> > log_level: 5
>> > sasldb_path: /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$
>> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>> > Reading configuration from: > omebrew/memcached-1.5.7/memcached.conf>
>> > Initialized SASL.
>> > mech: ``SRP'' with 15 bytes of data
>> > SASL (severity 2): no secret in database
>> > sasl result code: -4
>> > Unknown sasl response: -4
>> >
>> >
>> >
>> > Client side:
>> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>> > Set failed: AUTHENTICATION FAILURE
>> > OKALE-M-33H5:mycode okale$
>> >
>> >
>> >
>> > Is there a specific location where memcached.conf and the sasl db file:
>> memcached-sasl-pwdb, need to be put?
>> >
>> >
>> >
>> >
>> > Thanks and Regards,Om Kale
>> >
>> >
>> > On Fri, Apr 6, 2018 at 3:54 PM, dormando <dorma...@rydia.net> wrote:
>> > Read the 30 lines around where I said, not just that line.
>> >
>> > though I guess it's just:
>> >
>> > system("echo testpass | $saslpasswd_path -a memcached -c -p
>> testuser");
>> >
>> > so that means:
>> >
>> > echo "testpass" | saslpasswd2 -a memcached -c -p testuser
>> > if you run that from the same directory as your memcached.conf
>> (or use -f
>> > to point to it?), it should create the file properly.
>> >
>> > I'm saying to use the tool instead of just putting the
>> username/password
>> > into the file, and also using the sasldb_path: argument in
>> memcached.conf
>> > to point to
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, Thanks for the help. I tried the steps you mentioned but end up getting similar error. However, the error is slightly different this time. Why is it still pointing to '/tmp/memcached-sasl-db' when the SASL_CONF_PATH specifies the location of the db file. OKALE-M-33H5:sasl okale$ pwd /Users/okale/sasl OKALE-M-33H5:sasl okale$ cat memcached.conf mech_list: plain log_level: 5 sasldb_path: /Users/okale/sasl/memcached-sasl-pwdb OKALE-M-33H5:sasl okale$ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser OKALE-M-33H5:sasl okale$ SASL_CONF_PATH="/Users/okale/sasl" memcached -S -v Reading configuration from: Initialized SASL. mech: ``PLAIN'' with 26 bytes of data WARNING: Failed to open sasl database : No such file or directory SASL (severity 2): Password verification failed sasl result code: -20 Unknown sasl response: -20 ^CSignal handled: Interrupt: 2. OKALE-M-33H5:sasl okale$ OKALE-M-33H5:sasl okale$ OKALE-M-33H5:sasl okale$ On client side: OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass 127.0.0.1 Set failed: FAILED TO SEND AUTHENTICATION TO SERVER OKALE-M-33H5:mycode okale$ ./testsasl testuser testpass localhost Set failed: AUTHENTICATION FAILURE OKALE-M-33H5:mycode okale$ Any idea why? Thanks and Regards, Om Kale On Tue, Apr 10, 2018 at 4:38 PM, dormando <dorma...@rydia.net> wrote: > yes and yes. > > mkdir sasl > cd sasl > then created memcached.conf > I did not create memcached-sasl-pwdb manually. saslpasswd2 made that for > me after I passed the -f argument. > > On Tue, 10 Apr 2018, Om Kale wrote: > > > Hi Dormando, > > Thanks for the update. I will try this out now. But before this I had > one more quick question. > > Did you create the sasl folder and memcached.conf manually inside > /home/dormando/ ? > > > > > > Thanks and Regards,Om Kale > > > > > > On Tue, Apr 10, 2018 at 3:38 PM, dormando <dorma...@rydia.net> wrote: > > Hey, > > > > Was able to authenticate with your tool: > > > > $ pwd > > /home/dormando/sasl > > $ cat memcached.conf > > mech_list: plain > > log_level: 5 > > sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb > > $ echo testpass | saslpasswd2 -f > > /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p > testuser > > $ SASL_CONF_PATH="/home/dormando/sasl" memcached -S -v > > INFO: MEMCACHED_SASL_PWDB not specified. Internal passwd database > disabled > > Initialized SASL. > > $ ./testsasl testuser testpass 127.0.0.1 > > Get/Set success! > > > > Just add the "-f /path/to/sasl-pwdb" to saslpasswd2 and let it > create the > > entry for you. Your manual passwd DB isn't valid. > > > > Without the -f the tool was exiting with "Generic failure" > (should've > > asked you what the exit code was earlier, sorry). Strace'ing it > showed it > > was trying to open /etc/sasl and write a new file, but I wasn't > running as > > root. > > > > On Tue, 10 Apr 2018, Om Kale wrote: > > > > > Hey Dormando, > > > Today I tried reinstalling memcached from scratch and followed > the procedure in the wiki > > > and the points you mentiibed however same issue of 'no secret in > database' is still > > > observed. > > > > > > In addition, did the following steps but still no success. > > > https://stackoverflow.com/questions/12919032/can-i-set- > username-and-password-on-memcach > > > ed-like-mysql > > > > > > > > > Thanks and Regards,Om Kale > > > > > > On Mon, Apr 9, 2018 at 11:58 PM, dormando <dorma...@rydia.net> > wrote: > > > Sorry, ran out of time today. will try for earlier tomorrow > > > > > > On Mon, 9 Apr 2018, Om Kale wrote: > > > > > > > Hi Dormando,I was just curious to know whether you were > able to reproduce > > > the above > > > > mentioned issue? > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale < > omkal...@gmail.com> wrote: > > > > Yes, that will be very helpful Dormando. I agree, > might be missing > > > > something. > > > > The points where I think I might be goi
Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.
Hi Dormando, Don't worry about it. I figured it out. I had to make some changes in the cyrus-sasl config files and re-configure and then make memcached again. Also had to re-configure libmemcached with --enable-sasl option. Looking forward to your token based implementation. Regards, Om Kale On Tue, Apr 17, 2018, 7:04 PM dormando <dorma...@rydia.net> wrote: > Ah, I think you're stuck with SASL then. > > If I try to help you further I'll just be googling cyrus stuff and reading > its source code; it's not really something I can help you with, sorry :( > > On Tue, 17 Apr 2018, Om Kale wrote: > > > Unique to the client. > > > > Thanks and Regards, > > Om Kale > > > > On Tue, Apr 17, 2018 at 3:41 PM, dormando <dorma...@rydia.net> wrote: > > Are you saying the tokens need to be unique to each client, or can > they > > all share a single token? > > > > On Tue, 17 Apr 2018, Om Kale wrote: > > > > > So my wireless application needs authentication support before a > trusted client can do a get/set. > > > As long as I can do this, the underlying mechanism is not that > critical. The token proposol can also work but again there should be a > > mechanism where > > > server authenticates for the clients and the number of clients > can be pretty large. > > > > > > Thanks and Regards,Om Kale > > > > > > > > > On Tue, Apr 17, 2018 at 3:25 PM, dormando <dorma...@rydia.net> > wrote: > > > Also, I should ask again; do you need SASL in specific or > would something > > > like my authentication token proposal from a week ago work? > > > > > > On Tue, 17 Apr 2018, dormando wrote: > > > > > > > "failed to list sasl mechanisms" is beyond my knowledge > :/ you might not > > > > have config files for cyrus sasl. you should search their > > > > knowledgebases/mails/etc. > > > > > > > > On Tue, 17 Apr 2018, Om Kale wrote: > > > > > > > > > Sorry about that it was a typo in the email: > > > > > > > > > > :~/sasl$ cat memcached.conf > > > > > mech_list: plain > > > > > log_level: 5 > > > > > sasldb_path: /home/okale/sasl/memcached-sasl-pwdb > > > > > > > > > > > > > > > :~/sasl$ pwd > > > > > /home/okale/sasl > > > > > :~/sasl$ > > > > > :~/sasl$ ls > > > > > memcached.conf memcached-sasl-pwdb > > > > > > > > > > > > > > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > > On Tue, Apr 17, 2018 at 3:11 PM, dormando < > dorma...@rydia.net> wrote: > > > > > Hey, > > > > > > > > > > > > > > > > > > > > > > > > > > > > Btw, I do have the correct memcached.conf file > entry > > > > > > mech_list: plain > > > > > > log_level: 5 > > > > > > sasldb_path: /home//sasl/memcached-sasl-pwdb > > > > > > > > > > Is this missing your username? is the > memcached-sasl-pwdb file actually > > > > > there? > > > > > > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > > > > > > > > > > On Tue, Apr 17, 2018 at 2:25 PM, dormando < > dorma...@rydia.net> wrote: > > > > > > Hey, > > > > > > > > > > > > That's because memcached isn't linking > against the library you're > > > > > > specifying... It's going to be much > faster for you to search the internet > > > > >
Re: memcached + SASL: Password verification failed
Hi Jiuming, Were you able to make it work with DIGEST-MD5 instead of just PLAIN auth? Regards, Om Kale Master of Science in Electrical and Computer Engineering Georgia Institute of Technology On Fri, Mar 22, 2019 at 2:40 PM Jiuming Shao wrote: > Thanks! I figured it out by postfixing `@memcached.realm` after my key. > > dormando 于2019年3月19日周二 上午10:49写道: > >> t/binary-sasl.t under memcached/memcached should show you examples of how >> to authenticate. You should be able to just hack up the test to get more >> information about what the password files look like/etc. it writes it out >> to tmp. >> >> seems some systems require the @hostname and some don't (mine doesn't, I >> haven't looked into why) >> >> On Tue, 19 Mar 2019, Jiuming Shao wrote: >> >> > Thanks for getting back to me! I referred to that because >> memcached/memcached does not tell me how the binary protocol packets for >> SASL >> > AUTH looks like. For all the server configuration and db setup, I >> followed https://github.com/memcached/memcached/wiki/SASLHowto >> > and https://github.com/memcached/memcached/wiki/SASLAuthProtocol >> > Please let me know when you have time to take a closer look. >> > >> > Cheers! >> > Jiuming >> > >> > dormando 于2019年3月18日周一 下午4:10写道: >> > Hey, >> > >> > Can look more closely later, but a few quick things that might >> help: >> > >> > 1) stick to memcached/memcached on github - that's an old >> couchbase fork >> > you linked to. If you're using couchbase you need to talk to them >> instead. >> > >> > 2) in the t/ dir there're some unit tests for SASL which might >> help you >> > understand the workflow better. >> > >> > On Mon, 18 Mar 2019, Jiuming Shao wrote: >> > >> > > Hey all, >> > > I am writing my own implementation of a memcachedClient within >> which I want to add authentication. I just started with >> > PLAIN auth but >> > > failed. >> > > >> > > My main reference is this one >> https://github.com/couchbase/memcached/blob/master/docs/sasl.md >> > > My guess is that the binary message I am sending through the >> wire was wrong, thus it could never match with the secret I >> > store in the db >> > > file. >> > > After searching around, I found out the SASL_AUTH(0X21) is also >> a key-value like operation, where the key is the auth >> > mechanism, and the >> > > value being auth data. The tricky part is how I put them in the >> outgoing request. >> > > >> > > Please correct me if i am wrong, below is an example of PLAIN >> auth request >> > > 1. The auth mechanism comes right after the header. in this >> case 'PLAIN' >> > > 2. A NULL byte comes after the "key" -> "PLAIN". In this case >> byte # 29. >> > > 3. Then comes the user@hostName >> > > 4. A NULL bytes comes after user@hostname. In this case byte >> # 34 >> > > 5. The last part is the password >> > > >> > > Byte/ 0 | 1 | 2 | 3 >>| >> > > / | | | >> | >> > > |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 >> 5 6 7| >> > > >> +---+---+---+---+ >> > >0| 0x80 | 0x21 | 0x00 | 0x05 >> | >> > > >> +---+---+---+---+ >> > >4| 0x00 | 0x00 | 0x00 | 0x00 >> | >> > > >> +---+---+---+---+ >> > >8| 0x00 | 0x00 | 0x00 | 0x11 >> | >> > > >> +---+---+---+---+ >> > > 12| 0x00 | 0x00 | 0x00 | 0x00 >> | >> > > >> +---+---+---+---+ >> > > 16| 0x00 | 0x00 | 0x00 | 0x00 >> | >> > > >> +---+---+---+---+ >
Re: memcached + SASL: Password verification failed
Alright...cool. Let me know if you ever successfully get DIGEST-MD5 working. Have a great weekend! Thanks and Regards, Om Kale Master of Science in Electrical and Computer Engineering Georgia Institute of Technology On Fri, Mar 22, 2019 at 3:23 PM Jiuming Shao wrote: > Hi Om, > > No. I just started with PLAIN as a PoC. > > Cheers! > > Om Kale 于2019年3月22日周五 下午3:17写道: > >> Hi Jiuming, >> Were you able to make it work with DIGEST-MD5 instead of just PLAIN auth? >> >> Regards, >> Om Kale >> Master of Science in Electrical and Computer Engineering >> Georgia Institute of Technology >> >> >> On Fri, Mar 22, 2019 at 2:40 PM Jiuming Shao >> wrote: >> >>> Thanks! I figured it out by postfixing `@memcached.realm` after my key. >>> >>> dormando 于2019年3月19日周二 上午10:49写道: >>> >>>> t/binary-sasl.t under memcached/memcached should show you examples of >>>> how >>>> to authenticate. You should be able to just hack up the test to get more >>>> information about what the password files look like/etc. it writes it >>>> out >>>> to tmp. >>>> >>>> seems some systems require the @hostname and some don't (mine doesn't, I >>>> haven't looked into why) >>>> >>>> On Tue, 19 Mar 2019, Jiuming Shao wrote: >>>> >>>> > Thanks for getting back to me! I referred to that because >>>> memcached/memcached does not tell me how the binary protocol packets for >>>> SASL >>>> > AUTH looks like. For all the server configuration and db setup, I >>>> followed https://github.com/memcached/memcached/wiki/SASLHowto >>>> > and https://github.com/memcached/memcached/wiki/SASLAuthProtocol >>>> > Please let me know when you have time to take a closer look. >>>> > >>>> > Cheers! >>>> > Jiuming >>>> > >>>> > dormando 于2019年3月18日周一 下午4:10写道: >>>> > Hey, >>>> > >>>> > Can look more closely later, but a few quick things that might >>>> help: >>>> > >>>> > 1) stick to memcached/memcached on github - that's an old >>>> couchbase fork >>>> > you linked to. If you're using couchbase you need to talk to >>>> them instead. >>>> > >>>> > 2) in the t/ dir there're some unit tests for SASL which might >>>> help you >>>> > understand the workflow better. >>>> > >>>> > On Mon, 18 Mar 2019, Jiuming Shao wrote: >>>> > >>>> > > Hey all, >>>> > > I am writing my own implementation of a memcachedClient >>>> within which I want to add authentication. I just started with >>>> > PLAIN auth but >>>> > > failed. >>>> > > >>>> > > My main reference is this one >>>> https://github.com/couchbase/memcached/blob/master/docs/sasl.md >>>> > > My guess is that the binary message I am sending through the >>>> wire was wrong, thus it could never match with the secret I >>>> > store in the db >>>> > > file. >>>> > > After searching around, I found out the SASL_AUTH(0X21) is >>>> also a key-value like operation, where the key is the auth >>>> > mechanism, and the >>>> > > value being auth data. The tricky part is how I put them in >>>> the outgoing request. >>>> > > >>>> > > Please correct me if i am wrong, below is an example of PLAIN >>>> auth request >>>> > > 1. The auth mechanism comes right after the header. in this >>>> case 'PLAIN' >>>> > > 2. A NULL byte comes after the "key" -> "PLAIN". In this >>>> case byte # 29. >>>> > > 3. Then comes the user@hostName >>>> > > 4. A NULL bytes comes after user@hostname. In this case >>>> byte # 34 >>>> > > 5. The last part is the password >>>> > > >>>> > > Byte/ 0 | 1 | 2 | 3 >>>> | >>>> > > / | | | >>>>| >>>> > > |0 1 2 3 4 5 6 7|0 1 2 3
Re: binary protocol?
Hey Dormando, As of now only binary protocol supports SASL. Correct me if I am wrong but to ensure compatibility with SASL and libmemcached clients we would need binary protocol support right? Thanks and Regards, Om Kale On Thu, May 9, 2019 at 2:58 PM dormando wrote: > Yo, > > Any of you out there really _like_ the binary protocol? Aside from the > features it gives (CAS everywhere, pipelining, etc). > > just thinkin' through some things. > > Thanks, > -Dormando > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to memcached+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/memcached/alpine.DEB.2.21.1905091457160.27082%40dskull > . > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/memcached/CANvBZ%3DvraaTi48Yu-a07gfc-OCAJ%3DfJfA_z97XA3UvjFretK5g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
