Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-24 Thread Om Kale
Hey Dormando, I have figured the stunnel approach and it works. So AUTH is figured out. Thanks for the guidance. Now. I have one more question about encryption. SASL requires binary protocol to be enabled. However, if I use binary protocol, the set encyption key function by libmemcached fails:

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-07 Thread dormando
On Mon, 7 May 2018, Om Kale wrote: > Okcouple of follow up questions on the same:1. Inorder to enable/set up > stunnel on memcached server, I need to create certificates using openssl. How > do I execute the openssl certificate generation on memcached server? Also, > after this how could I

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-07 Thread Om Kale
Okcouple of follow up questions on the same: 1. Inorder to enable/set up stunnel on memcached server, I need to create certificates using openssl. How do I execute the openssl certificate generation on memcached server? Also, after this how could I distribute this to client? 2. Additionally,

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-07 Thread dormando
hmm. I guess so... re: stunnel, as I detailed you still have to get the client (libmemcached) to talk over TLS. For the server, no change. For the client, you could prototype by having stunnel local to the client and connect through that. so you have stunnel talking to stunnel. If that's not

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-07 Thread Om Kale
The problem with libsasl2 was regarding license. Also, I am unsure if libsasl2 will give me an ability to perform some sort of certificate based authentication. One more question I had was, would the use of stunnel need any code change with memached codebase? Thanks and Regards, Om Kale On Mon,

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-07 Thread dormando
Hey, Just to be clear: I'm completely positive you can make this work with just the libsasl2 that comes with openwrt, you don't need to rebuild it. the problem is you can't use sasl over an untrusted network: SASL is supposed to be used underneath TLS or a trusted network. Either way, try

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-07 Thread Om Kale
Hi Dormando and Trond, I think I will first try Dormando's suggestion of stunnel before delving into changing the memcached code itself. I haven't read much about stunnel, so will need to look into it in some detail. Again, thanks a lot for the support. It would have been very good if I could have

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-05 Thread dormando
> On Fri, May 4, 2018 at 10:46 PM dormando wrote: > > The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that > states "in combination with TLS" up front, and I'd be wary of using it > over the internet as well. > > > If we ignore TLS for a second

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-05 Thread Trond Norbye
On Fri, May 4, 2018 at 10:46 PM dormando wrote: > > The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that > states "in combination with TLS" up front, and I'd be wary of using it > over the internet as well. > If we ignore TLS for a second and just look at

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-04 Thread dormando
Actually I take this back... SASL is not usable over the internet in any form. It didn't click in my head that you were going over the internet for some reason. The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that states "in combination with TLS" up front, and I'd be wary of

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-04 Thread dormando
Hey, On Fri, 4 May 2018, Om Kale wrote: > Hey Dormando and Trond,Thanks a lot for all of your inputs.  > Let me give you guys a quick summary of what I am planning to do and the > issues I am facing: > I need memcached server with encryption and authentication support on > wireless devices.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-04 Thread Trond Norbye
If all you need is SASL authentication with DIGEST-MD5 and PLAIN mechanisms you should be able to implement the few methods used by memcached relatively quickly after you read the SASL spec (and get around any licensing issues). During startup memcached calls sasl_server_init where it sets up an

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-03 Thread dormando
You need the server to be on any OS? I thought it was a router thing you were embedding. What exactly are you doing, if you can share? On Wed, 2 May 2018, Om Kale wrote: > Hey Dormando,Yes you are right. I agree with you. I have gotten everything > working with Ubuntu since Day 1 using the

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-05-02 Thread dormando
Hey, Please interpret this with kindness: if you're struggling getting sasl to work, getting asynchronous TLS to work, be performant enough, and not buggy, while also forking the project, is going to be a very very bad idea for you. If you're willing to put the effort into figuring out TLS into

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-26 Thread Om Kale
Hi Dormando, Hope your doing well and thanks for all the help you have been providing. One quick question on using other SASL mechanisms like DIGEST-MD5, CRAM-MD5. Apart from adding them to the memcached.conf under mech_list, is there other chages needed on client side code/ memcached-sasl-pwdb to

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-17 Thread Om Kale
Hi Dormando, Don't worry about it. I figured it out. I had to make some changes in the cyrus-sasl config files and re-configure and then make memcached again. Also had to re-configure libmemcached with --enable-sasl option. Looking forward to your token based implementation. Regards, Om Kale On

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-17 Thread dormando
oh; you might need to `sudo ldconfig` before that works, too On Tue, 17 Apr 2018, Om Kale wrote: > Hey Dormando, > I was trying to play around with memcached sasl a bit more on Ubuntu. > I tried to use the cyrus sasl libraries. > However, when I try to run the memcached server it gives the

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-17 Thread dormando
Did you recompile memcached on there or copy the binary? On Tue, 17 Apr 2018, Om Kale wrote: > Hey Dormando, > I was trying to play around with memcached sasl a bit more on Ubuntu. > I tried to use the cyrus sasl libraries. > However, when I try to run the memcached server it gives the following

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-11 Thread dormando
I don't see anything wrong with it. Since you ultimately need this to run on ubuntu, why don't you start testing with a VM? It might not matter at all if the problem is just with the mac. On Wed, 11 Apr 2018, Om Kale wrote: > Ah, I see. This person on the memcached group also observed the same

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-11 Thread dormando
I'm on ubuntu.. I didn't do anything special or change anything, I gave a list of all the commands I ran to make it work verbatim. I didn't have the username@ETC issue happen at all. If I had to guess, that would need to be fixed on the client side. On Wed, 11 Apr 2018, Om Kale wrote: > Hey

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-11 Thread dormando
I don't really know. I don't have a mac so I don't know why saslpasswd2 doesn't work. If it gives you any output when it doesn't work (with the -f argument), please share it. You can also strace the command to see if there are any obvious errors before it exits. There must be some reason why it's

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread Om Kale
Hi Dormando, I finally figured it out the issue from the above thread itself. The small change in steps as shown below work on my MAC machine: OKALE-M-33H5:memcached-1.5.7 okale$ echo "testuser@OKALE-M-33H5:testpass" > /tmp/memcached-sasl-db OKALE-M-33H5:memcached-1.5.7 okale$

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread dormando
Hey, What is the exact output from saslpasswd2 when you run it? On Tue, 10 Apr 2018, Om Kale wrote: > Hi Dormando, > Thanks for your guidance. Meanwhile, reading through the memcached email > chain, I see someone else also observed something similar but there was no > solution. The question is

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread Om Kale
Hi Dormando, Thanks for your guidance. Meanwhile, reading through the memcached email chain, I see someone else also observed something similar but there was no solution. The question is how do I create the memcahed-sasl-pwdb file and populate it with username and password as the saslpasswd2

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread dormando
Change: $ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser To: $ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a memcached -c -p testuser SASL_CONF_PATH points to where memcached.conf is. memcached.conf points to memcached-sasl-pwdb

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread Om Kale
Hi Dormando, Thanks for the help. I tried the steps you mentioned but end up getting similar error. However, the error is slightly different this time. Why is it still pointing to '/tmp/memcached-sasl-db' when the SASL_CONF_PATH specifies the location of the db file. OKALE-M-33H5:sasl okale$ pwd

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread dormando
yes and yes. mkdir sasl cd sasl then created memcached.conf I did not create memcached-sasl-pwdb manually. saslpasswd2 made that for me after I passed the -f argument. On Tue, 10 Apr 2018, Om Kale wrote: > Hi Dormando, > Thanks for the update. I will try this out now. But before this I had one

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread Om Kale
Hi Dormando, Thanks for the update. I will try this out now. But before this I had one more quick question. Did you create the sasl folder and memcached.conf manually inside /home/dormando/ ? Thanks and Regards, Om Kale On Tue, Apr 10, 2018 at 3:38 PM, dormando wrote: >

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread dormando
Hey, Was able to authenticate with your tool: $ pwd /home/dormando/sasl $ cat memcached.conf mech_list: plain log_level: 5 sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb $ echo testpass | saslpasswd2 -f /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p testuser $

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread Om Kale
Hey Dormando, Today I tried reinstalling memcached from scratch and followed the procedure in the wiki and the points you mentiibed however same issue of 'no secret in database' is still observed. In addition, did the following steps but still no success.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-10 Thread dormando
Sorry, ran out of time today. will try for earlier tomorrow On Mon, 9 Apr 2018, Om Kale wrote: > Hi Dormando,I was just curious to know whether you were able to reproduce the > above > mentioned issue? > > Thanks and Regards,Om Kale > > On Mon, Apr 9, 2018 at 12:53 PM, Om Kale

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-09 Thread Om Kale
Hi Dormando, I was just curious to know whether you were able to reproduce the above mentioned issue? Thanks and Regards, Om Kale On Mon, Apr 9, 2018 at 12:53 PM, Om Kale wrote: > Yes, that will be very helpful Dormando. I agree, might be missing > something. > The points

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-09 Thread Om Kale
Yes, that will be very helpful Dormando. I agree, might be missing something. The points where I think I might be going wrong are as follows: 1. The exact location and contents of memcached.conf and the sasl db file - memcached-sasl-pwdb (and the interaction between the two). As per my

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-09 Thread dormando
Hey, I'll try to reproduce this today. I have a feeling you're skipping some steps but it's definitely a confusing process... On Mon, 9 Apr 2018, Om Kale wrote: > Currently my set up is as follows: > 1. My memcached.conf exists at > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/ > 2.

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-09 Thread Om Kale
Currently my set up is as follows: 1. My memcached.conf exists at /Users/okale/Library/Caches/ Homebrew/memcached-1.5.7/ 2. The memcached server on starting reads from this file as shown in the log: OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v Reading configuration from: Initialized

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-09 Thread Om Kale
Hey Dormando, I do not see the memcached-sasl-pwdb created and the password added in it. The steps are same as above. Also, is there a specific location where memcached.conf and the sasl db file: memcached-sasl-pwdb, need to be put? I do not see the memcached-sasl-pwdb created automatically. Also

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread dormando
Hey, Did the memcached-sasl-pwdb file get created and is there a line in it? On Fri, 6 Apr 2018, Om Kale wrote: > Got it. I see the line you mentioned in the test code. > I executed the following steps but still see same issue. (I ran ./configure > after the echo command) > > > Here are the

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread Om Kale
Got it. I see the line you mentioned in the test code. I executed the following steps but still see same issue. (I ran ./configure after the echo command) Here are the steps: OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a memcached -c -p ok OKALE-M-33H5:memcached-1.5.7 okale$

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread dormando
Read the 30 lines around where I said, not just that line. though I guess it's just: system("echo testpass | $saslpasswd_path -a memcached -c -p testuser"); so that means: echo "testpass" | saslpasswd2 -a memcached -c -p testuser if you run that from the same directory as your memcached.conf

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread Om Kale
Hey Dormando, Ok. When I look at the 't/binary-sasl.t' and search for the section you mentioned, I see this: # Build the auth DB for testing. my $sasldb = '/tmp/test-memcached.sasldb'; unlink $sasldb; In the t/sasl/memcached.conf, I see the following: mech_list: plain cram-md5 log_level: 5

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread dormando
Just for sanity's sake, if you look at: t/sasl/memcached.conf in the tarball, and look at t/binary-sasl.t (look for the section starting with "my $sasldb =", and build a passwd + configure the pwdb that way, does it work? to reiterate; the test config file explicitly declares the path for the db

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread Om Kale
Yup, it will be really helpful if you could try and reproduce it. Yes...that's the thing I was wondering, 'no secret in database' means its able to reach the database, but unable to read/load the memcached-sasl-pwdb file. Additionally, I was wondering, if there is need to write additional code

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread dormando
No secret in database means it thinks the pwdb is empty (or it can't load/find the pwdb). I'm not sure why offhand.. I can try to reproduce it but won't have time until later today. On Fri, 6 Apr 2018, Om Kale wrote: > Hi Dormando, > Thanks for the quick reply. I used the environment variable

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread Om Kale
Hi Dormando, Thanks for the quick reply. I used the environment variable you suggested before running the memcached server instance: MEMCACHED_SASL_PWDB="/Users/ okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb" I have added the following in my memcached.conf file (so basically

Re: Regarding setting up SASL with memcached server and getting a memcached client to associate with server.

2018-04-06 Thread dormando
On Fri, 6 Apr 2018, Om Kale wrote: > and then try to run my client, I get the following error on the server: > > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v > Reading configuration from: > > Initialized SASL. > mech:  ``SRP'' with 15 bytes of data > SASL (severity 2): no secret in