Hey Dormando,
I have figured the stunnel approach and it works. So AUTH is figured out.
Thanks for the guidance. Now. I have one more question about encryption.
SASL requires binary protocol to be enabled. However, if I use binary
protocol, the set encryption key function by libmemcached fails:
On Mon, 7 May 2018, Om Kale wrote:
> Ok couple of follow up questions on the same: 1. In order to enable/set up
> stunnel on memcached server, I need to create certificates using openssl. How
> do I execute the openssl certificate generation on memcached server? Also,
> after this how could I
Ok couple of follow up questions on the same:
1. In order to enable/set up stunnel on memcached server, I need to create
certificates using openssl. How do I execute the openssl certificate
generation on memcached server? Also, after this how could I distribute
this to client?
2. Additionally,
hmm. I guess so...
re: stunnel, as I detailed you still have to get the client (libmemcached)
to talk over TLS. For the server, no change.
For the client, you could prototype by having stunnel local to the client
and connect through that. so you have stunnel talking to stunnel. If
that's not
The problem with libsasl2 was regarding license. Also, I am unsure if
libsasl2 will give me an ability to perform some sort of certificate based
authentication.
One more question I had was, would the use of stunnel need any code change
with memcached codebase?
Thanks and Regards,
Om Kale
On Mon,
Hey,
Just to be clear: I'm completely positive you can make this work with just
the libsasl2 that comes with openwrt, you don't need to rebuild it. the
problem is you can't use sasl over an untrusted network: SASL is supposed
to be used underneath TLS or a trusted network.
Either way, try
Hi Dormando and Trond,
I think I will first try Dormando's suggestion of stunnel before delving
into changing the memcached code itself. I haven't read much about stunnel,
so will need to look into it in some detail.
Again, thanks a lot for the support. It would have been very good if I
could have
> On Fri, May 4, 2018 at 10:46 PM dormando wrote:
>
> The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that
> states "in combination with TLS" up front, and I'd be wary of using it
> over the internet as well.
>
>
> If we ignore TLS for a second
On Fri, May 4, 2018 at 10:46 PM dormando wrote:
>
> The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that
> states "in combination with TLS" up front, and I'd be wary of using it
> over the internet as well.
>
If we ignore TLS for a second and just look at
Actually I take this back... SASL is not usable over the internet in any
form. It didn't click in my head that you were going over the internet for
some reason.
The closest would be SCRAM-SHA-256/512 mechanism, but the RFC for that
states "in combination with TLS" up front, and I'd be wary of
Hey,
On Fri, 4 May 2018, Om Kale wrote:
> Hey Dormando and Trond, Thanks a lot for all of your inputs.
> Let me give you guys a quick summary of what I am planning to do and the
> issues I am facing:
> I need memcached server with encryption and authentication support on
> wireless devices.
If all you need is SASL authentication with DIGEST-MD5 and PLAIN mechanisms
you should be able to implement the few methods used by memcached
relatively quickly after you read the SASL spec (and get around any
licensing issues).
During startup memcached calls sasl_server_init where it sets up an
You need the server to be on any OS? I thought it was a router thing you
were embedding.
What exactly are you doing, if you can share?
On Wed, 2 May 2018, Om Kale wrote:
> Hey Dormando, Yes you are right. I agree with you. I have gotten everything
> working with Ubuntu since Day 1 using the
Hey,
Please interpret this with kindness: if you're struggling getting sasl to
work, getting asynchronous TLS to work, be performant enough, and not
buggy, while also forking the project, is going to be a very very bad idea
for you.
If you're willing to put the effort into figuring out TLS into
Hi Dormando,
Hope you're doing well and thanks for all the help you have been providing.
One quick question on using other SASL mechanisms like DIGEST-MD5,
CRAM-MD5. Apart from adding them to the memcached.conf under mech_list, is
there other changes needed on client side code/ memcached-sasl-pwdb to
Hi Dormando,
Don't worry about it. I figured it out. I had to make some changes in the
cyrus-sasl config files and re-configure and then make memcached again.
Also had to re-configure libmemcached with --enable-sasl option.
Looking forward to your token based implementation.
Regards,
Om Kale
On
oh; you might need to `sudo ldconfig` before that works, too
On Tue, 17 Apr 2018, Om Kale wrote:
> Hey Dormando,
> I was trying to play around with memcached sasl a bit more on Ubuntu.
> I tried to use the cyrus sasl libraries.
> However, when I try to run the memcached server it gives the
Did you recompile memcached on there or copy the binary?
On Tue, 17 Apr 2018, Om Kale wrote:
> Hey Dormando,
> I was trying to play around with memcached sasl a bit more on Ubuntu.
> I tried to use the cyrus sasl libraries.
> However, when I try to run the memcached server it gives the following
I don't see anything wrong with it. Since you ultimately need this to run
on ubuntu, why don't you start testing with a VM? It might not matter at
all if the problem is just with the mac.
On Wed, 11 Apr 2018, Om Kale wrote:
> Ah, I see. This person on the memcached group also observed the same
I'm on ubuntu.. I didn't do anything special or change anything, I gave a
list of all the commands I ran to make it work verbatim.
I didn't have the username@ETC issue happen at all. If I had to guess,
that would need to be fixed on the client side.
On Wed, 11 Apr 2018, Om Kale wrote:
> Hey
I don't really know. I don't have a mac so I don't know why saslpasswd2
doesn't work.
If it gives you any output when it doesn't work (with the -f argument),
please share it. You can also strace the command to see if there are any
obvious errors before it exits. There must be some reason why it's
Hi Dormando,
I finally figured out the issue from the above thread itself.
The small change in steps as shown below works on my MAC machine:
OKALE-M-33H5:memcached-1.5.7 okale$ echo "testuser@OKALE-M-33H5:testpass" > /tmp/memcached-sasl-db
OKALE-M-33H5:memcached-1.5.7 okale$
Hey,
What is the exact output from saslpasswd2 when you run it?
On Tue, 10 Apr 2018, Om Kale wrote:
> Hi Dormando,
> Thanks for your guidance. Meanwhile, reading through the memcached email
> chain, I see someone else also observed something similar but there was no
> solution. The question is
Hi Dormando,
Thanks for your guidance. Meanwhile, reading through the memcached email
chain, I see someone else also observed something similar but there was no
solution. The question is how do I create the memcached-sasl-pwdb file and
populate it with username and password as the saslpasswd2
Change:
$ echo testpass | saslpasswd2 -f /Users/okale/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
To:
$ echo testpass | saslpasswd2 -f /tmp/memcached-sasl-pwdb -a memcached -c -p testuser
SASL_CONF_PATH points to where memcached.conf is. memcached.conf points to
memcached-sasl-pwdb
Hi Dormando,
Thanks for the help. I tried the steps you mentioned but end up getting
similar error. However, the error is slightly different this time.
Why is it still pointing to '/tmp/memcached-sasl-db' when the
SASL_CONF_PATH specifies the location of the db file.
OKALE-M-33H5:sasl okale$ pwd
yes and yes.
mkdir sasl
cd sasl
then created memcached.conf
I did not create memcached-sasl-pwdb manually. saslpasswd2 made that for
me after I passed the -f argument.
On Tue, 10 Apr 2018, Om Kale wrote:
> Hi Dormando,
> Thanks for the update. I will try this out now. But before this I had one
Hi Dormando,
Thanks for the update. I will try this out now. But before this I had one
more quick question.
Did you create the sasl folder and memcached.conf manually inside
/home/dormando/ ?
Thanks and Regards,
Om Kale
On Tue, Apr 10, 2018 at 3:38 PM, dormando wrote:
>
Hey,
Was able to authenticate with your tool:
$ pwd
/home/dormando/sasl
$ cat memcached.conf
mech_list: plain
log_level: 5
sasldb_path: /home/dormando/sasl/memcached-sasl-pwdb
$ echo testpass | saslpasswd2 -f /home/dormando/sasl/memcached-sasl-pwdb -a memcached -c -p testuser
$
Hey Dormando,
Today I tried reinstalling memcached from scratch and followed the
procedure in the wiki and the points you mentioned however same issue of
'no secret in database' is still observed.
In addition, did the following steps but still no success.
Sorry, ran out of time today. will try for earlier tomorrow
On Mon, 9 Apr 2018, Om Kale wrote:
> Hi Dormando, I was just curious to know whether you were able to reproduce the
> above
> mentioned issue?
>
> Thanks and Regards, Om Kale
>
> On Mon, Apr 9, 2018 at 12:53 PM, Om Kale
Hi Dormando,
I was just curious to know whether you were able to reproduce the above
mentioned issue?
Thanks and Regards,
Om Kale
On Mon, Apr 9, 2018 at 12:53 PM, Om Kale wrote:
> Yes, that will be very helpful Dormando. I agree, might be missing
> something.
> The points
Yes, that will be very helpful Dormando. I agree, might be missing
something.
The points where I think I might be going wrong are as follows:
1. The exact location and contents of memcached.conf and the sasl db file -
memcached-sasl-pwdb (and the interaction between the two).
As per my
Hey,
I'll try to reproduce this today. I have a feeling you're skipping some
steps but it's definitely a confusing process...
On Mon, 9 Apr 2018, Om Kale wrote:
> Currently my set up is as follows:
> 1. My memcached.conf exists at
> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
> 2.
Currently my set up is as follows:
1. My memcached.conf exists at /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
2. The memcached server on starting reads from this file as shown in the
log:
OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
Reading configuration from:
Initialized
Hey Dormando,
I do not see the memcached-sasl-pwdb created and the password added in it.
The steps are same as above.
Also, is there a specific location where memcached.conf and the sasl db
file: memcached-sasl-pwdb, need to be put?
I do not see the memcached-sasl-pwdb created automatically. Also
Hey,
Did the memcached-sasl-pwdb file get created and is there a line in it?
On Fri, 6 Apr 2018, Om Kale wrote:
> Got it. I see the line you mentioned in the test code.
> I executed the following steps but still see same issue. (I ran ./configure
> after the echo command)
>
>
> Here are the
Got it. I see the line you mentioned in the test code.
I executed the following steps but still see same issue. (I ran ./configure
after the echo command)
Here are the steps:
OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2 -a memcached -c -p ok
OKALE-M-33H5:memcached-1.5.7 okale$
Read the 30 lines around where I said, not just that line.
though I guess it's just:
system("echo testpass | $saslpasswd_path -a memcached -c -p testuser");
so that means:
echo "testpass" | saslpasswd2 -a memcached -c -p testuser
if you run that from the same directory as your memcached.conf
Hey Dormando,
Ok. When I look at the 't/binary-sasl.t' and search for the section you
mentioned,
I see this:
# Build the auth DB for testing.
my $sasldb = '/tmp/test-memcached.sasldb';
unlink $sasldb;
In the t/sasl/memcached.conf, I see the following:
mech_list: plain cram-md5
log_level: 5
Just for sanity's sake, if you look at: t/sasl/memcached.conf in the
tarball, and look at t/binary-sasl.t (look for the section starting with
"my $sasldb ="), and build a passwd + configure the pwdb that way, does it
work?
to reiterate; the test config file explicitly declares the path for the db
Yup, it will be really helpful if you could try and reproduce it.
Yes...that's the thing I was wondering, 'no secret in database' means it's
able to reach the database, but unable to read/load the memcached-sasl-pwdb
file. Additionally, I was wondering, if there is need to write additional
code
No secret in database means it thinks the pwdb is empty (or it can't
load/find the pwdb).
I'm not sure why offhand.. I can try to reproduce it but won't have time
until later today.
On Fri, 6 Apr 2018, Om Kale wrote:
> Hi Dormando,
> Thanks for the quick reply. I used the environment variable
Hi Dormando,
Thanks for the quick reply. I used the environment variable you suggested
before running the memcached server instance:
MEMCACHED_SASL_PWDB="/Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
I have added the following in my memcached.conf file (so basically
On Fri, 6 Apr 2018, Om Kale wrote:
> and then try to run my client, I get the following error on the server:
>
>
> OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
> Reading configuration from:
>
> Initialized SASL.
> mech: ``SRP'' with 15 bytes of data
> SASL (severity 2): no secret in