Hi Dormando,
I was just curious to know whether you were able to reproduce the above
mentioned issue?
Thanks and Regards,
Om Kale
On Mon, Apr 9, 2018 at 12:53 PM, Om Kale <omkal...@gmail.com> wrote:
> Yes, that will be very helpful Dormando. I agree, might be missing
> something.
> The points where I think I might be going wrong are as follows:
>
> 1. The exact location and contents of memcached.conf and the sasl db file
> - memcached-sasl-pwdb (and the interaction between the two).
> As per my understanding, SASL_CONF_PATH, tells the memcached server where
> to read the file from and then the line sasldb_path in the conf file tells
> the server where to get the sasl db file for username:password
> authentication. I feel this linkage is not happening correctly in my case.
>
> 2. Is the sasl db file generated on its own when I run the server? If yes,
> do we need to add command line parameters while running the memcached
> server for this to happen. (FYI: I have configured --enable-sasl-pwdb while
> running configure)
>
> The main problem I am facing right now is memcached-sasl-pwdb is not
> getting created and populated on its own.
> Please do let me know the outcome once you try to reproduce it. I am
> cuurently using MAC-OS high Sierra.
>
> Thanks and Regards,
> Om Kale
>
>
> On Mon, Apr 9, 2018 at 12:28 PM, dormando <dorma...@rydia.net> wrote:
>
>> Hey,
>>
>> I'll try to reproduce this today. I have a feeling you're skipping some
>> steps but it's definitely a confusing process...
>>
>> On Mon, 9 Apr 2018, Om Kale wrote:
>>
>> > Currently my set up is as follows:
>> > 1. My memcached.conf exists at /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/
>> > 2. The memcached server on starting reads from this file as shown in
>> the log:
>> > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>> > Reading configuration from: </Users/okale/Library/Caches/H
>> omebrew/memcached-1.5.7/memcached.conf>
>> > Initialized SASL.
>> > 3. The contents of the memcached.conf are:
>> > mech_list: plain
>> > log_level: 5
>> > sasldb_path: /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> > 4. The memcached-sasl-pwdb is located at
>> > /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/
>> and has the line:
>> > (I am adding this line manually as the command 'echo "testpass" |
>> saslpasswd2 -a memcached -c -p testuser' is not creating the file and
>> adding the
>> > content in it)
>> > ok:hello
>> >
>> > However, I still see same error on server side:
>> > mech: ``SRP'' with 15 bytes of data
>> > SASL (severity 2): no secret in database
>> > sasl result code: -4
>> > Unknown sasl response: -4
>> >
>> > Also on client side, I still see:
>> > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>> > Set failed: AUTHENTICATION FAILURE
>> >
>> >
>> > One more question is:
>> > Is there any additional info to be provided while starting the
>> memcached server itself?
>> >
>> > Thanks and Regards,Om Kale
>> >
>> >
>> > On Mon, Apr 9, 2018 at 10:35 AM, Om Kale <omkal...@gmail.com> wrote:
>> > Hey Dormando,
>> > I do not see the memcached-sasl-pwdb created and the password added in
>> it.
>> > The steps are same as above.
>> > Also, is there a specific location where memcached.conf and the sasl db
>> file: memcached-sasl-pwdb, need to be put?
>> > I do not see the memcached-sasl-pwdb created automatically. Also the
>> memcached.conf is located at t/sasl/memcached.conf, do I need to make the
>> > modification in this file to point to sasl db or can I create my own
>> memcached.conf at another location?
>> >
>> >
>> >
>> >
>> > Thanks and Regards,Om Kale
>> >
>> >
>> > On Fri, Apr 6, 2018 at 5:53 PM, dormando <dorma...@rydia.net> wrote:
>> > Hey,
>> >
>> > Did the memcached-sasl-pwdb file get created and is there a line
>> in it?
>> >
>> > On Fri, 6 Apr 2018, Om Kale wrote:
>> >
>> > > Got it. I see the line you mentioned in the test code.
>> > > I executed the following steps but still see same issue. (I ran
>> ./configure after the echo command)
>> > >
>> > >
>> > > Here are the steps:
>> > >
>> > > OKALE-M-33H5:memcached-1.5.7 okale$ echo "hello" | saslpasswd2
>> -a memcached -c -p ok
>> > > OKALE-M-33H5:memcached-1.5.7 okale$ ls -lrth | grep -i
>> 'memcached.conf'
>> > > -rw-r--r-- 1 okale staff 116B Apr 6 15:28 memcached.conf
>> > > OKALE-M-33H5:memcached-1.5.7 okale$
>> > > OKALE-M-33H5:memcached-1.5.7 okale$
>> > > OKALE-M-33H5:memcached-1.5.7 okale$
>> > > OKALE-M-33H5:memcached-1.5.7 okale$ cat memcached.conf
>> > > mech_list: plain
>> > > log_level: 5
>> > > sasldb_path: /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> > > OKALE-M-33H5:memcached-1.5.7 okale$
>> > > OKALE-M-33H5:memcached-1.5.7 okale$
>> > > OKALE-M-33H5:memcached-1.5.7 okale$ ./memcached -S -v
>> > > Reading configuration from: </Users/okale/Library/Caches/H
>> omebrew/memcached-1.5.7/memcached.conf>
>> > > Initialized SASL.
>> > > mech: ``SRP'' with 15 bytes of data
>> > > SASL (severity 2): no secret in database
>> > > sasl result code: -4
>> > > Unknown sasl response: -4
>> > >
>> > >
>> > >
>> > > Client side:
>> > > OKALE-M-33H5:mycode okale$ ./testsasl ok hello localhost
>> > > Set failed: AUTHENTICATION FAILURE
>> > > OKALE-M-33H5:mycode okale$
>> > >
>> > >
>> > >
>> > > Is there a specific location where memcached.conf and the sasl
>> db file: memcached-sasl-pwdb, need to be put?
>> > >
>> > >
>> > >
>> > >
>> > > Thanks and Regards,Om Kale
>> > >
>> > >
>> > > On Fri, Apr 6, 2018 at 3:54 PM, dormando <dorma...@rydia.net> wrote:
>> > > Read the 30 lines around where I said, not just that line.
>> > >
>> > > though I guess it's just:
>> > >
>> > > system("echo testpass | $saslpasswd_path -a memcached -c -p
>> testuser");
>> > >
>> > > so that means:
>> > >
>> > > echo "testpass" | saslpasswd2 -a memcached -c -p testuser
>> > > if you run that from the same directory as your memcached.conf
>> (or use -f
>> > > to point to it?), it should create the file properly.
>> > >
>> > > I'm saying to use the tool instead of just putting the
>> username/password
>> > > into the file, and also using the sasldb_path: argument in
>> memcached.conf
>> > > to point to the sasldb, instead of the environment variable.
>> > >
>> > > On Fri, 6 Apr 2018, Om Kale wrote:
>> > >
>> > > > Hey Dormando,
>> > > > Ok. When I look at the 't/binary-sasl.t' and search for the
>> section you mentioned,
>> > > > I see this:
>> > > >
>> > > > # Build the auth DB for testing.
>> > > >
>> > > > my $sasldb = '/tmp/test-memcached.sasldb';
>> > > >
>> > > > unlink $sasldb;
>> > > >
>> > > >
>> > > > In the t/sasl/memcached.conf, I see the following:
>> > > > mech_list: plain cram-md5
>> > > > log_level: 5
>> > > > sasldb_path: /tmp/test-memcached.sasldb
>> > > >
>> > > > Now, let me know what I need to do....a bit confused.
>> > > > Do I need to change any of the above or do I create
>> test-memcached.sasldb under tmp on my machine, add a username:password to it
>> > and then
>> > > run ./configure
>> > > > followed by make?
>> > > >
>> > > >
>> > > >
>> > > >
>> > > > Thanks and Regards,Om Kale
>> > > >
>> > > >
>> > > > On Fri, Apr 6, 2018 at 2:48 PM, dormando <dorma...@rydia.net>
>> wrote:
>> > > > Just for sanity's sake, if you look at:
>> t/sasl/memcached.conf in the
>> > > > tarball, and look at t/binary-sasl.t (look for the
>> section starting with
>> > > > "my $sasldb =", and build a passwd + configure the pwdb
>> that way, does it
>> > > > work?
>> > > >
>> > > > to reiterate; the test config file explicitly declares
>> the path for the db
>> > > > within memcached.conf, and then adds the passwords to
>> it via the
>> > > > saslpasswd tool.
>> > > >
>> > > > Would help rule things out anyway. thanks!
>> > > >
>> > > > On Fri, 6 Apr 2018, Om Kale wrote:
>> > > >
>> > > > > Yup, it will be really helpful if you could try and
>> reproduce it.
>> > > > > Yes...that's the thing I was wondering, 'no secret in
>> database' means its able to reach the database, but unable to
>> > read/load the
>> > > > memcached-sasl-pwdb
>> > > > > file. Additionally, I was wondering, if there is need
>> to write additional code for some shared secret at client side or any
>> > other
>> > > > dependencies.
>> > > > > Currently, I am directly using
>> memcached_set_sasl_auth_data function in the client.
>> > > > >
>> > > > > Here are the steps to reproduce:
>> > > > > 1. I installed the memcached server with the
>> enable-sasl and enable-sasl-db.
>> > > > > 2. Wrote a c client as attached in the email.
>> > > > > 3. Created a file with the username:password entry
>> named memcached-sasl-pwdb as shown before.
>> > > > > 4. Created a memcached.conf with mech:plain
>> > > > > 5. Ran the server using ./memcached -S -vv
>> > > > > 6. Ran the client using ./testsasl username password
>> localhost
>> > > > >
>> > > > > Couple more things to add:
>> > > > > 1. I have followed the following wiki:
>> > > > > https://github.com/memcached/memcached/wiki/SASLHowto
>> > > > >
>> > > > > 2. I haven't used this but added the user:pass in the
>> memcached-sasl-pwdb file manually.
>> > > > >
>> > > > > saslpasswd2 -a memcached -c cacheuser
>> > > > > 3. For the SASL library cyrus-sasl-plain, I have
>> installed it, but havent used/pointed to it in code or on the server as I
>> > did not
>> > > see
>> > > > steps for this.
>> > > > >
>> > > > > 4.I see its mentioned configure option
>> --enable-sasl-pwdb is not working on the wiki, but saw that its there in
>> one of the
>> > new PRs.
>> > > > > https://github.com/memcached/memcached/issues/365
>> > > > >
>> > > > >
>> > > > > Let me know if you need any additional info from my
>> side.
>> > > > >
>> > > > > Regards,
>> > > > > Om Kale
>> > > > >
>> > > > >
>> > > > >
>> > > > > On Friday, April 6, 2018 at 12:45:26 PM UTC-7,
>> Dormando wrote:
>> > > > > No secret in database means it thinks the pwdb
>> is empty (or it can't
>> > > > > load/find the pwdb).
>> > > > >
>> > > > > I'm not sure why offhand.. I can try to
>> reproduce it but won't have time
>> > > > > until later today.
>> > > > >
>> > > > > On Fri, 6 Apr 2018, Om Kale wrote:
>> > > > >
>> > > > > > Hi Dormando,
>> > > > > > Thanks for the quick reply. I used the
>> environment variable you suggested before running the memcached server
>> > instance:
>> > > > > > MEMCACHED_SASL_PWDB="/Users/ok
>> ale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>> > > > > >
>> > > > > > I have added the following in my
>> memcached.conf file (so basically tells plain text). I have openssl and
>> openldap
>> > installed
>> > > on my
>> > > > machine
>> > > > > but haven't
>> > > > > > specified it any config or pointed to it in
>> the code.
>> > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ cat
>> memcached.conf
>> > > > > > > mech_list: plain
>> > > > > >
>> > > > > > Now I run:
>> > > > > > ./memcached -S -v
>> > > > > >
>> > > > > > Followed by the client:
>> > > > > > OKALE-M-33H5:mycode okale$ ./testsasl ok
>> hello localhost
>> > > > > > Set failed: AUTHENTICATION FAILURE
>> > > > > >
>> > > > > > But still get the same error as before on the
>> memcached server:
>> > > > > > OKALE-M-33H5:memcached-1.5.7 okale$ export
>> > > > MEMCACHED_SASL_PWDB="/Users/o
>> kale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>> > > > > > OKALE-M-33H5:memcached-1.5.7 okale$
>> ./memcached -S -v
>> > > > > > Reading configuration from:
>> </Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf>
>> > > > > > Initialized SASL.
>> > > > > > mech: ``SRP'' with 15 bytes of data
>> > > > > > SASL (severity 2): no secret in database
>> > > > > > sasl result code: -4
>> > > > > > Unknown sasl response: -4
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > You could refer to my attached client code
>> above but I still don't understand why it says 'no secret in database'.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > Thanks and Regards,
>> > > > > > Om Kale
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > On Friday, April 6, 2018 at 12:19:17 PM
>> UTC-7, Dormando wrote:
>> > > > > >
>> > > > > >
>> > > > > > On Fri, 6 Apr 2018, Om Kale wrote:
>> > > > > >
>> > > > > > > and then try to run my client, I get
>> the following error on the server:
>> > > > > > >
>> > > > > > >
>> > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$
>> ./memcached -S -v
>> > > > > > > Reading configuration from:
>> </Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf>
>> > > > > > > Initialized SASL.
>> > > > > > > mech: ``SRP'' with 15 bytes of data
>> > > > > > > SASL (severity 2): no secret in
>> database
>> > > > > > > sasl result code: -4
>> > > > > > > Unknown sasl response: -4
>> > > > > > >
>> > > > > > >
>> > > > > > > I have added my username, password in
>> a file called memcached-sasl-pwdb which is located at
>> > > > > > > /Users/okale/Library/Caches/Ho
>> mebrew/memcached-1.5.7/memcached-sasl-pwdb
>> > > > > > >
>> > > > > > >
>> > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$
>> cat memcached-sasl-pwdb
>> > > > > > > ok:hello
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > My memcached.conf located at
>> /Users/okale/Library/Caches/Homebrew/memcached-1.5.7/memcached.conf and
>> > contains:
>> > > > > > >
>> > > > > > >
>> > > > > > > OKALE-M-33H5:memcached-1.5.7 okale$
>> cat memcached.conf
>> > > > > > > mech_list: plain
>> > > > > > >
>> > > > > > >
>> > > > > > > I have a couple of questions:
>> > > > > > > 1. How can the memcached server on
>> start up know the configured users and the username:password details.
>> > (Does it
>> > > read it
>> > > > from
>> > > > > > memcached-sasl-pwdb? If
>> > > > > > > yes, how do I configure it/point to
>> it?)
>> > > > > >
>> > > > > > I guess the wiki didn't get fully
>> updated :( If you use PWDB, it's via
>> > > > > > MEMCACHED_SASL_PWDB as an environment
>> variable, so:
>> > > > > > $
>> > > > > > MEMCACHED_SASL_PWDB="/Users/ok
>> ale/Library/Caches/Homebrew/memcached-1.5.7/memcached-sasl-pwdb"
>> > > > > > ./memcached -S -v
>> > > > > >
>> > > > > >
>> > > > > > > 2. What's the use of the
>> memcached.conf file in the "Reading configuration from:
>> > > > > > </Users/okale/Library/Caches/H
>> omebrew/memcached-1.5.7/memcached.conf>"
>> > > > > >
>> > > > > > Stating the supported mechanisms for
>> sasl authentication (ie; the at-rest
>> > > > > > state of the password data)
>> > > > > >
>> > > > > > > in the output. I am presuming this
>> read will tell the memcached server the username:password details. If
>> > yes, what
>> > > should
>> > > > be the
>> > > > > location
>> > > > > > of this file
>> > > > > > > 3. Do I need to install/point to any
>> additional ssl libraries during server bring up?
>> > > > > >
>> > > > > > Should be answered above. Hopefully
>> that works for you
>> > > > > >
>> > > > > > --
>> > > > > >
>> > > > > > ---
>> > > > > > You received this message because you are
>> subscribed to the Google Groups "memcached" group.
>> > > > > > To unsubscribe from this group and stop
>> receiving emails from it, send an email to memcached+...@googlegroups.com
>> .
>> > > > > > For more options, visit
>> https://groups.google.com/d/optout.
>> > > > > >
>> > > > > >
>> > > > >
>> > > > > --
>> > > > >
>> > > > > ---
>> > > > > You received this message because you are subscribed
>> to the Google Groups "memcached" group.
>> > > > > To unsubscribe from this group and stop receiving
>> emails from it, send an email to memcached+unsubscr...@googlegroups.com.
>> > > > > For more options, visit
>> https://groups.google.com/d/optout.
>> > > > >
>> > > > >
>> > > >
>> > > > --
>> > > >
>> > > > ---
>> > > > You received this message because you are subscribed to
>> the Google Groups "memcached" group.
>> > > > To unsubscribe from this group and stop receiving
>> emails from it, send an email to memcached+unsubscr...@googlegroups.com.
>> > > > For more options, visit https://groups.google.com/d/op
>> tout.
>> > > >
>> > > >
>> > > > --
>> > > >
>> > > > ---
>> > > > You received this message because you are subscribed to the
>> Google Groups "memcached" group.
>> > > > To unsubscribe from this group and stop receiving emails from
>> it, send an email to memcached+unsubscr...@googlegroups.com.
>> > > > For more options, visit https://groups.google.com/d/optout.
>> > > >
>> > > >
>> > >
>> > > --
>> > >
>> > > ---
>> > > You received this message because you are subscribed to the
>> Google Groups "memcached" group.
>> > > To unsubscribe from this group and stop receiving emails from
>> it, send an email to memcached+unsubscr...@googlegroups.com.
>> > > For more options, visit https://groups.google.com/d/optout.
>> > >
>> > >
>> > > --
>> > >
>> > > ---
>> > > You received this message because you are subscribed to the Google
>> Groups "memcached" group.
>> > > To unsubscribe from this group and stop receiving emails from it,
>> send an email to memcached+unsubscr...@googlegroups.com.
>> > > For more options, visit https://groups.google.com/d/optout.
>> > >
>> > >
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> Groups "memcached" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to memcached+unsubscr...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> Groups "memcached" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to memcached+unsubscr...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "memcached" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to memcached+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to memcached+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
