Hey, On Fri, 4 May 2018, Om Kale wrote:
> Hey Dormando and Trond,Thanks a lot for all of your inputs. > Let me give you guys a quick summary of what I am planning to do and the > issues I am facing: > I need memcached server with encryption and authentication support on > wireless devices. (Encyption, there is a way using set encoding key with > libmemcached, I need to write a decoding key function. (this looks feasible)) > Basically, when a libmemcached client connects, the memcached server only > allows the authenticated users/clients and then once this is done, the > communication is encrypted) > Hence I needed a openwrt package for SASL that can directly be downloaded > from the website and used without modification - therefore the decision to use > Cyrus-SASL) > Here are the problems: > 1. Cyrus-SASL > Cyrus-SASL (version 2.1.27-rc7) has two files with GPLv3 license, hence I > cannot use it. Also, the openwrt Cyrus-SASL has only the libsasl2 library, not > some of the other libraries mentioned that are needed for SASL support as per > the Couchbase link. > https://blog.couchbase.com/sasl-memcached-now-available/) Have you tried to just use libsasl2 and run it? I'm pretty sure the daemon doesn't need more than that after it's been compiled. The other libraries linked in the blog are the saslpasswd/etc stuff that you don't need. Just installed libsasl2 on my openwrt/lede router and it has digest/cram modules: # opkg files libsasl2 Package libsasl2 (2.1.26-3) is installed on root and has the following files: /usr/lib/sasl2/libdigestmd5.so.3 /usr/lib/libsasl2.so.3.0.0 /usr/lib/libsasl2.so.3 /usr/lib/sasl2/libscram.so /usr/lib/sasl2/libdigestmd5.so /usr/lib/sasl2/libplain.so.3 /usr/lib/sasl2/libanonymous.so.3.0.0 /usr/lib/sasl2/libscram.so.3.0.0 /usr/lib/sasl2/libdigestmd5.so.3.0.0 /usr/lib/sasl2/libanonymous.so.3 /usr/lib/sasl2/libanonymous.so /usr/lib/libsasl2.so /usr/lib/sasl2/libplain.so.3.0.0 /usr/lib/sasl2/libplain.so /usr/lib/sasl2/libcrammd5.so.3.0.0 /usr/lib/sasl2/libcrammd5.so.3 /usr/lib/sasl2/libcrammd5.so /usr/lib/sasl2/libscram.so.3 So if you build the passwd db and ship it over, or use the spec to write a small tool to generate the file properly, that seems like your least effort route. > FYI, I see the client here apparently appends the @localhostname with the > username. So this same format needs to be stored in the passwd file. I'd recommend code diving to understand this. > 2. I cannot use 'PLAIN' as I would see the username/passwords on packet > sniffs (wireshark or any other tool) Additionally, if the password file is > accessed it would be a problem. ok > 3. I also see lot of blogs involving DDOS on memcached with UDP mode. (I am > not sure if there is any future release where this is going to be planned) not relevant? Just disable UDP mode. it's not necessary and off by default in latest versions. > 4. One of the options that I could do is change the memcached/libmemcached > code itself to turn the sockets into SSL/TLS sockets. This would add some > overheard and few extra message exchanges but could be a viable solution. > Also, would need some help from the memcached community for this. This is much, much harder than you'd expect and I'm only assuming you think it's easier than doing what Trond suggested because you expect there to be one place in the code where "connections" are handled. It's a fairly large change that would end up touching much of the codebase. By comparison, just using libsasl2 from openwrt (please tell us why you can't, specifically?) and writing a tool to generate the digest file looks good. I haven't look at the cyrus-sasl API's though. Failing that, doing what trond suggested is probably fairly fast since the code is isolated behind a few specific calls. > > > > > > Thanks and Regards,Om Kale > > > On Thu, May 3, 2018 at 11:04 PM, Trond Norbye <trond.nor...@gmail.com> wrote: > If all you need is SASL authentication with DIGEST-MD5 and PLAIN > mechanisms you should be able to implement the few methods used by memcached > relatively quickly after you read the SASL spec (and get around any > licensing issues). > During startup memcached calls sasl_server_init where it sets up an array of > callback functions the SASL implementation may call to get more > information. In this function you may read your entire password database into > memory to avoid file IO at a later time. > > When a client connects memcached calls sasl_server_new, where it creates and > initializes a handle to your library (which is later released by > memcached calling sasl_dispose with the same pointer. After memcached called > sasl_dispose it won't use that handle. > > A client needs to know which mechanisms the server supports, and in order to > do that it calls sasl_list_mech which builds up a textual string like: > "DIGEST-MD5 PLAIN" (or whatever mechanisms you choose to implement). > > Then there is two more functions you need to implement: sasl_server_start and > sasl_server_stop. The first one takes the mechanism the client wants > to use (for instance PLAIN) and the challenge the client generated (for PAIN > this looks like \0username\0password\0 if my memory serves me right). > For plain authentication we don't need to involve the client more in order to > complete the password check so you can verify the username and > password and return the appropriate error code. For other mechanisms you may > need more information from the client, so you would return > SASL_CONTINUE and return the data you want to send to the client in the two > last parameters which is sent to the client. The client consumes those > bytes and generate a new challenge for you and memcached ends up calling > sasl_server_step processing those bytes and completes the authentication > (or generate yet another challenge to send back to the client). > > To sum this up all you need to implement to have your own minimalistic SASL > implementation is: > > sasl_server_init (called once during startup) > sasl_server_new (called once for every connection if the client tries to use > SASL) > sasl_list_mech (called every time the client sends > PROTOCOL_BINARY_CMD_SASL_LIST_MECHS) > sasl_server_start (called when the client sends PROTOCOL_BINARY_CMD_SASL_AUTH) > sasl_server_step (called when the server sends PROTOCOL_BINARY_CMD_SASL_STEP) > sasl_dispose (called as part of connection shutdown if SASL was used) > > Cheers > > Trond > > > On Fri, May 4, 2018 at 6:34 AM dormando <dorma...@rydia.net> wrote: > You need the server to be on any OS? I thought it was a router thing you > were embedding. > > What exactly are you doing, if you can share? > > On Wed, 2 May 2018, Om Kale wrote: > > > Hey Dormando,Yes you are right. I agree with you. I have gotten > everything working with Ubuntu since Day 1 using the > libsasl2,sasl2-bin and the other > > installs mentioned. However, the problem is I need it working on all > OS's. Also, I cannot use Cyrus-SASL (that has only libsasl2 > bundled) in my project > > now as some of the files in its latest 2.1.27-rc7 version have a > GPLv3 license requirement. That's the reason I have thought of the > change. Bit of a dire > > straits situation here. > > > > > > Thanks and Regards,Om Kale > > > > > > On Wed, May 2, 2018 at 7:25 PM, dormando <dorma...@rydia.net> wrote: > > Hey, > > > > Please interpret this with kindness: if you're struggling > getting sasl to > > work, getting asynchronous TLS to work, be performant enough, > and not > > buggy, while also forking the project, is going to be a very > very bad idea > > for you. > > > > If you're willing to put the effort into figuring out TLS into > memcached, > > you're better off reading the cyrus source code to figure out > how password > > databases work. Read the SASL protocol spec (it's not too bad). > > > > I see you spending a huge amount of time trying to work around > the bugs > > you encounter; instead of going around, go through them. Get > the password > > file to work the way you want it to. > > > > On Wed, 2 May 2018, Om Kale wrote: > > > > > Hi Dormando,Thanks for your reply. Yes, that works. Also, one > more thing that I was > > > curious to know or rather want to add to memcached. > > > Is there anyway I can go ahead and modify memcached itself to > support SSL/TLS (using > > > certificates) without using this third-party cyrus > plugin/libsasl2? > > > If yes, where the memcached code need to be added for this. > Basically, I want to know > > > where exactly in the memcached code does the client connect > to server and do the SASL > > > protocol negotiation/exchanges) > > > I was thinking of adding a way in which memcached would be > able to support > > > authentication depending on whatever ssl library the user > wants to use. (not restrict it > > > to cyrus-sasl or libsasl2) > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > On Mon, Apr 30, 2018 at 1:50 PM, dormando > <dorma...@rydia.net> wrote: > > > Hey, > > > > > > The passwd needs to be created with saslpasswd for most > of the other auth > > > types to work, otherwise you'll have to do it manually > and I have no idea > > > how to do that. IE; the saslpasswd files I created when > trying to > > > reproduce your method worked fine with DIGEST-MD5 as > well. > > > > > > On Mon, 30 Apr 2018, Om Kale wrote: > > > > > > > Hi All,I am trying to get my head around making > memcached work with SASL > > > support. The PLAIN auth is working but still running > into issues for > > > > DIGEST-MD5. > > > > I have changed my memcached client side code to > enable MD5 as follows. I > > > have enabled the behavior to support MD5 and then > passed the MD5 > > > > > > > > /* > > > > * Test that libmemcached is built with SASL support. > > > > */ > > > > #include <stdio.h> > > > > #include <inttypes.h> > > > > #include <stdlib.h> > > > > #include <string.h> > > > > #include <libmemcached/memcached.h> > > > > > > > > const char* key = "abc"; > > > > const char* value = "value"; > > > > > > > > // test basic get/set operation works. > > > > void test_getset(memcached_st* cache) > > > > { > > > > char* r_value; > > > > uint32_t flags = 0; > > > > uint32_t r_flags = 0; > > > > size_t val_length; > > > > memcached_return_t rc; > > > > > > > > > > > > rc = memcached_set(cache, key, strlen(key), value, > strlen(value), > > > (time_t)0, flags); > > > > if (rc == MEMCACHED_TIMEOUT) { > > > > fprintf(stderr, "Set timeout\n"); > > > > return; > > > > } else if (rc != MEMCACHED_SUCCESS) { > > > > fprintf(stderr, "Set failed: %s\n", > memcached_strerror(cache, rc)); > > > > return; > > > > } > > > > > > > > r_value = memcached_get(cache, key, strlen(key), > &val_length, &r_flags, > > > &rc); > > > > if (rc == MEMCACHED_TIMEOUT) { > > > > fprintf(stderr, "Get timeout\n"); > > > > return; > > > > } else if (rc != MEMCACHED_SUCCESS) { > > > > fprintf(stderr, "Get failed: %s\n", > memcached_strerror(cache, rc)); > > > > return; > > > > } > > > > > > > > if (strcmp(value, r_value) != 0) { > > > > fprintf(stderr, "Get returned bad value! (%s != > %s)!\n", value, > > > r_value); > > > > } > > > > > > > > if (r_flags != flags) { > > > > fprintf(stderr, "Get returned bad flags! (%u != > %u)!\n", flags, > > > r_flags); > > > > } > > > > > > > > fprintf(stdout, "Get/Set success!\n"); > > > > } > > > > > > > > // connect with SASL. > > > > void authTest(const char* user, const char* pass, > const char* server) > > > > { > > > > memcached_server_st *servers = NULL; > > > > memcached_return_t rc; > > > > memcached_st *cache; > > > > uint32_t hashVal; > > > > uint32_t hashPass; > > > > uint32_t hash; > > > > uint64_t behavior = 0; > > > > > > > > > > > > cache = memcached_create(NULL); > > > > // uint32_t hashusername = > memcached_generate_hash(cache, user, > > > strlen(user)); > > > > //hash = memcached_generate_hash(cache, user, > strlen(user)); > > > > //printf ("Hash value is: %" PRIu32 "\n", hash); > > > > > > > > // hashVal = memcached_generate_hash_value(user, > strlen(user), > > > MEMCACHED_HASH_MD5); > > > > // printf ("Hash value is: %" PRIu32 "\n", hashVal); > > > > > > > > // hashPass = memcached_generate_hash_value(pass, > strlen(pass), > > > MEMCACHED_HASH_MD5); > > > > // printf ("Hash value is: %" PRIu32 "\n", hashPass); > > > > > > > > > > > > rc = memcached_behavior_set(cache, > MEMCACHED_HASH_MD5, 1); > > > > if (rc != MEMCACHED_SUCCESS) > > > > fprintf(stderr, "Couldn't use digest md5 hashing: > %s\n", > > > memcached_strerror(cache, rc)); > > > > > > > > rc = memcached_set_sasl_auth_data(cache, > "$1$$dZY0EB48u3cuRp7JFyg68", > > > "$1$$JN/baUhJCUwYKagp48tsP0"); > > > > if (rc != MEMCACHED_SUCCESS) > > > > fprintf(stderr, "Couldn't setup SASL auth: %s\n", > > > memcached_strerror(cache, rc)); > > > > > > > > rc = memcached_behavior_set(cache, > MEMCACHED_BEHAVIOR_BINARY_PROTOCOL, > > > 1); > > > > if (rc != MEMCACHED_SUCCESS) > > > > fprintf(stderr, "Couldn't use the binary > protocol: %s\n", > > > memcached_strerror(cache, rc)); > > > > > > > > rc = memcached_behavior_set(cache, > MEMCACHED_BEHAVIOR_CONNECT_TIMEOUT, > > > 10000); > > > > if (rc != MEMCACHED_SUCCESS) > > > > fprintf(stderr, "Couldn't set the connect > timeout: %s\n", > > > memcached_strerror(cache, rc)); > > > > > > > > // rc = memcached_behavior_set(cache, > MEMCACHED_HASH_MD5, 1); > > > > // if (rc != MEMCACHED_SUCCESS) > > > > // fprintf(stderr, "Couldn't use digest md5 > hashing: %s\n", > > > memcached_strerror(cache, rc)); > > > > > > > > behavior = memcached_behavior_get(cache, > MEMCACHED_HASH_MD5); > > > > printf ("hash behavior is: %" PRIu64 "\n", > behavior); > > > > > > > > > > > > // hashVal = memcached_generate_hash_value(user, > strlen(user), > > > MEMCACHED_HASH_MD5); > > > > // printf ("Hash value is: %" PRIu32 "\n", hashVal); > > > > //hash = memcached_generate_hash(cache, user, > strlen(user)); > > > > //printf ("Hash value is: %" PRIu32 "\n", hash); > > > > > > > > servers = memcached_server_list_append(servers, > server, 11211, &rc); > > > > rc = memcached_server_push(cache, servers); > > > > > > > > if (rc != MEMCACHED_SUCCESS) > > > > fprintf(stderr, "Couldn't add server: %s\n", > memcached_strerror(cache, > > > rc)); > > > > > > > > test_getset(cache); > > > > > > > > memcached_free(cache); > > > > } > > > > > > > > // start program. > > > > int main(int argv, char *args[]) > > > > { > > > > if (argv != 4) { > > > > fprintf(stderr, "ERROR: usage => %s [username] > [password] [server]\n", > > > args[0]); > > > > return 1; > > > > } > > > > > > > > authTest(args[1], args[2], args[3]); > > > > return 0; > > > > } > > > > > > > > On client side, I see following error after running > the code: > > > > :~/Desktop$ ./testsasl testuser testpass 127.0.0.1 > > > > hash behavior is: 1 > > > > Set failed: WRITE FAILURE > > > > > > > > > > > > On server side I still get following error: > > > > > > > > <28 new binary client connection. > > > > <28 Read binary protocol data: > > > > <28 0x80 0x20 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x02 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > authenticated() in cmd 0x20 is true > > > > >28 Writing bin response: > > > > >28 0x81 0x20 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x0a > > > > >28 0x00 0x02 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > <28 Read binary protocol data: > > > > <28 0x80 0x21 0x00 0x0a > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x0a > > > > <28 0x00 0x02 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > authenticated() in cmd 0x21 is true > > > > mech: ``DIGEST-MD5'' with 0 bytes of data > > > > SASL (severity 5): DIGEST-MD5 server step 1 > > > > sasl result code: 1 > > > > >28 Writing bin response: > > > > >28 0x81 0x21 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x21 > > > > >28 0x00 0x00 0x00 0x7b > > > > >28 0x00 0x02 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > <28 connection closed. > > > > SASL (severity 5): DIGEST-MD5 common mech dispose > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > > > > On Thu, Apr 26, 2018 at 3:39 PM, Om Kale > <omkal...@gmail.com> wrote: > > > > Hi Dormando,Hope your doing well and thanks for all > the help you have been > > > providing. One quick question on using other SASL mechanisms > like > > > > DIGEST-MD5, CRAM-MD5. Apart from adding them to the > memcached.conf under > > > mech_list, is there other chages needed on client side code/ > > > > memcached-sasl-pwdb to support these other mechanisms. > > > > Currently I have just made the change in the memcached.conf > file as follows > > > (just a change in the mech_list): > > > > mech_list: DIGEST-MD5 > > > > log_level: 5 > > > > sasldb_path: /home/cisco/sasl/memcached-sasl-pwdb > > > > > > > > > > > > It gives me following errors on server side: > > > > <28 new binary client connection. > > > > <28 Read binary protocol data: > > > > <28 0x80 0x20 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x02 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > authenticated() in cmd 0x20 is true > > > > >28 Writing bin response: > > > > >28 0x81 0x20 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x0a > > > > >28 0x00 0x02 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > <28 Read binary protocol data: > > > > <28 0x80 0x21 0x00 0x0a > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x0a > > > > <28 0x00 0x02 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > <28 0x00 0x00 0x00 0x00 > > > > authenticated() in cmd 0x21 is true > > > > mech: ``DIGEST-MD5'' with 0 bytes of data > > > > SASL (severity 5): DIGEST-MD5 server step 1 > > > > sasl result code: 1 > > > > >28 Writing bin response: > > > > >28 0x81 0x21 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x21 > > > > >28 0x00 0x00 0x00 0x7b > > > > >28 0x00 0x02 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > >28 0x00 0x00 0x00 0x00 > > > > <28 connection closed. > > > > SASL (severity 5): DIGEST-MD5 common mech dispose > > > > > > > > > > > > > > > > Thanks and Regards, > > > > Om Kale > > > > > > > > > > > > On Tue, Apr 17, 2018 at 7:25 PM, Om Kale > <omkal...@gmail.com> wrote: > > > > Hi Dormando,Don't worry about it. I figured it out. I > had to make some > > > changes in the cyrus-sasl config files and re-configure and > then > > > > make memcached again. Also had to re-configure > libmemcached with > > > --enable-sasl option. > > > > Looking forward to your token based implementation. > > > > > > > > Regards, > > > > Om Kale > > > > On Tue, Apr 17, 2018, 7:04 PM dormando <dorma...@rydia.net> > wrote: > > > > Ah, I think you're stuck with SASL then. > > > > > > > > If I try to help you further I'll just be googling > cyrus stuff and reading > > > > its source code; it's not really something I can help > you with, sorry :( > > > > > > > > On Tue, 17 Apr 2018, Om Kale wrote: > > > > > > > > > Unique to the client. > > > > > > > > > > Thanks and Regards, > > > > > Om Kale > > > > > > > > > > On Tue, Apr 17, 2018 at 3:41 PM, dormando > <dorma...@rydia.net> wrote: > > > > > Are you saying the tokens need to be unique > to each client, or can > > > they > > > > > all share a single token? > > > > > > > > > > On Tue, 17 Apr 2018, Om Kale wrote: > > > > > > > > > > > So my wireless application needs > authentication support before a > > > trusted client can do a get/set. > > > > > > As long as I can do this, the underlying > mechanism is not that > > > critical. The token proposol can also work but again > > > > there should be a > > > > > mechanism where > > > > > > server authenticates for the clients and > the number of clients > > > can be pretty large. > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > > > > > > > > > > On Tue, Apr 17, 2018 at 3:25 PM, dormando > <dorma...@rydia.net> > > > wrote: > > > > > > Also, I should ask again; do you need > SASL in specific or > > > would something > > > > > > like my authentication token proposal > from a week ago > > > work? > > > > > > > > > > > > On Tue, 17 Apr 2018, dormando wrote: > > > > > > > > > > > > > "failed to list sasl mechanisms" is > beyond my knowledge > > > :/ you might not > > > > > > > have config files for cyrus sasl. > you should search > > > their > > > > > > > knowledgebases/mails/etc. > > > > > > > > > > > > > > On Tue, 17 Apr 2018, Om Kale wrote: > > > > > > > > > > > > > > > Sorry about that it was a typo in > the email: > > > > > > > > > > > > > > > > :~/sasl$ cat memcached.conf > > > > > > > > mech_list: plain > > > > > > > > log_level: 5 > > > > > > > > sasldb_path: > /home/okale/sasl/memcached-sasl-pwdb > > > > > > > > > > > > > > > > > > > > > > > > :~/sasl$ pwd > > > > > > > > /home/okale/sasl > > > > > > > > :~/sasl$ > > > > > > > > :~/sasl$ ls > > > > > > > > memcached.conf > memcached-sasl-pwdb > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > > > > > > > > On Tue, Apr 17, 2018 at 3:11 PM, > dormando > > > <dorma...@rydia.net> wrote: > > > > > > > > Hey, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Btw, I do have the > correct memcached.conf file > > > entry > > > > > > > > > mech_list: plain > > > > > > > > > log_level: 5 > > > > > > > > > sasldb_path: > /home//sasl/memcached-sasl-pwdb > > > > > > > > > > > > > > > > Is this missing your > username? is the > > > memcached-sasl-pwdb file actually > > > > > > > > there? > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks and Regards,Om Kale > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Apr 17, 2018 at > 2:25 PM, dormando > > > <dorma...@rydia.net> wrote: > > > > > > > > > Hey, > > > > > > > > > > > > > > > > > > That's because > memcached isn't linking > > > against the library you're > > > > > > > > > specifying... It's > going to be much > > > faster for you to search the internet > > > > > > > > > for that specific > error. "error while > > > loading shared libraries" "no such > > > > > > > > > file or directory". > there should be a > > > good number of stackoverflow > > > > > > > > > responses walking > you through this sort > > > of thing. > > > > > > > > > > > > > > > > > > Once you build > sasl, you need to rebuild > > > memcached from scratch with a new > > > > > > > > > ./configure, but > the old sasl libraries > > > should not exist and should not be > > > > > > > > > in any paths first. > > > > > > > > > > > > > > > > > > On Tue, 17 Apr > 2018, Om Kale wrote: > > > > > > > > > > > > > > > > > > > Hey Dormando, > > > > > > > > > > Thanks for the > reply. I am doing this > > > as I need to use sasl packages/libraries available > > > > under openwrt as I am > > > > > using > > > > > > memcached for > > > > > > > > a > > > > > > > > > wireless > > > > > > > > > > application. This > is the reason I have > > > to use cyrus-sasl only. > > > > > > > > > > Earlier I had > installed sasl support > > > using following: > > > > > > > > > > apt-get install > libsasl2-2 sasl2-bin > > > libsasl2-2 libsasl2-dev libsasl2-modules > > > > > > > > > > > > > > > > > > > > Now what I want > to do is just use the > > > latest cyrus-sasl package for memcached to work with > > > > sasl. > > > > > > > > > > > > > > > > > > > > After downloading > the tarball > > > cyrus-sasl-2.1.27, I use the following to configure. > > > > > > > > > > > > > > > > > > > > cd (directory it > was untarred into) > > > > > > > > > > ./configure > > > > > > > > > > make > > > > > > > > > > make install > > > > > > > > > > ln -s > /usr/local/lib/sasl2 > > > /usr/lib/sasl2 > > > > > > > > > > > > > > > > > > > > Now, I run > memcached. > > > > > > > > > > I am aware of the > library path issue > > > as I see this: > > > > > > > > > > > > > > > > > > > > > ~/Downloads/memcached-1.5.7$ memcached > > > > > > > > > > memcached: error > while loading shared > > > libraries: libsasl2.so.2: cannot open shared object > > > > file: No such file or > > > > > directory > > > > > > > > > > > ~/Downloads/memcached-1.5.7$ ldd > > > memcached > > > > > > > > > > > linux-vdso.so.1 => > > > (0x00007ffcbd536000) > > > > > > > > > > > libevent-2.0.so.5 => > > > /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5 > (0x00007fa8f7a03000) > > > > > > > > > > libsasl2.so.2 > => not found > > > > > > > > > > > libpthread.so.0 => > > > /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fa8f77e6000) > > > > > > > > > > libc.so.6 => > > > /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa8f741c000) > > > > > > > > > > > /lib64/ld-linux-x86-64.so.2 > > > (0x00007fa8f7c49000) > > > > > > > > > > > > > > > > > > > > As you see above, > this particular > > > libsasl2.so.2 is not found by memcached. > > > > > > > > > > I checked under > /usr/local/bin and > > > other locations as well, but I couldn't find the > > > > libsasl2.so.2 file. > > > > > > > > > > > > > > > > > > > > Additionally, > ldconfig -p doesn't show > > > this particular file. (libsasl2.so.2) > > > > > > > > > > > ~/Downloads/memcached-1.5.7$ ldconfig > > > -p | grep -i 'libsasl' > > > > > > > > > > libsasl2.so.3 > (libc6,x86-64) => > > > /usr/local/lib/libsasl2.so.3 > > > > > > > > > > libsasl2.so > (libc6,x86-64) => > > > /usr/local/lib/libsasl2.so > > > > > > > > > > > :~/Downloads/memcached-1.5.7$ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > What I wanted to > see is if anyone else > > > ran across this issue/ how could I add this > > > > dependency, as the memcached > > > > > wiki > > > > > > mentions > > > > > > > > cyrus-sasl in > > > > > > > > > the SASLHowto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks and > Regards,Om Kale > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Apr 17, > 2018 at 12:21 PM, > > > dormando <dorma...@rydia.net> wrote: > > > > > > > > > > Why are you > doing this? I think > > > you're moving beyond the scope of support > > > > > > > > > > this > mailing list can provide; > > > you need to ensure build paths are correct, > > > > > > > > > > ldconfig's > cache has the paths > > > to the library, etc. > > > > > > > > > > > > > > > > > > > > It should > be much simpler to > > > just use ubuntu's existing libraries? > > > > > > > > > > > > > > > > > > > > On Tue, 17 > Apr 2018, Om Kale > > > wrote: > > > > > > > > > > > > > > > > > > > > > Here are > the steps I took: > > > > > > > > > > > 1. I > uninstalled the following > > > libsasl2-2 sasl2-bin libsasl2-2 libsasl2-dev > > > > libsasl2-modules, since I am > > > > > trying > > > > > > to do it > > > > > > > > only with > > > > > > > > > the > > > > > > > > > > cyrus sasl > > > > > > > > > > > package. > (This includes the > > > other libararies) > > > > > > > > > > > 2. > Installed and configured > > > cyrus-sasl-2.1.27 > > > > > > > > > > > 3. Ran > the ./configure > > > --enable-sasl --enable-sasl-pwdb inside latest memcached > > > > folder, followed by make > > > > > and make > > > > > > install > > > > > > > > > > > > > > > > > > > > > > Then I > see the error. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks > and Regards,Om Kale > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, > Apr 17, 2018 at 12:03 > > > PM, dormando <dorma...@rydia.net> wrote: > > > > > > > > > > > Did > you recompile > > > memcached on there or copy the binary? > > > > > > > > > > > > > > > > > > > > > > On > Tue, 17 Apr 2018, Om > > > Kale wrote: > > > > > > > > > > > > > > > > > > > > > > > > Hey Dormando, > > > > > > > > > > > > I > was trying to play > > > around with memcached sasl a bit more on Ubuntu. > > > > > > > > > > > > I > tried to use the > > > cyrus sasl libraries. > > > > > > > > > > > > > However, when I try to > > > run the memcached server it gives the following error: > > > > > > > > > > > > > > > ~/Downloads/memcached-1.5.7$ memcached -S -vv > > > > > > > > > > > > > memcached: error while > > > loading shared libraries: libsasl2.so.2: cannot open > > > > shared object file: > > > > > No such > > > > > > file or > > > > > > > > directory > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I > checked in > > > usr/local/lib and I see libsasl2.so.3 present. > > > > > > > > > > > > > > > cisco@dd17-ubuntu-namsoo:/usr/local/lib$ ls -lrt > > > > > > > > > > > > > drwxrwsr-x 3 root > > > staff 4096 Feb 28 10:25 python3.5 > > > > > > > > > > > > > drwxrwsr-x 4 root > > > staff 4096 Feb 28 10:35 python2.7 > > > > > > > > > > > > > drwxr-xr-x 2 root > > > root 4096 Apr 16 08:47 sasl2 > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 163912 Apr 17 03:09 libhashkit.so.2.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 19 Apr 17 03:09 libhashkit.so.2 -> > > > > libhashkit.so.2.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 19 Apr 17 03:09 libhashkit.so -> > > > > libhashkit.so.2.0.0 > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 938 Apr 17 03:09 libhashkit.la > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 1373952 Apr 17 03:09 libmemcached.so.11.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 22 Apr 17 03:09 libmemcached.so.11 -> > > > > libmemcached.so.11.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 22 Apr 17 03:09 libmemcached.so -> > > > > libmemcached.so.11.0.0 > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 978 Apr 17 03:09 libmemcached.la > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 114792 Apr 17 03:09 libmemcachedutil.so.2.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 25 Apr 17 03:09 libmemcachedutil.so.2 -> > > > > libmemcachedutil.so.2.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 25 Apr 17 03:09 libmemcachedutil.so -> > > > > libmemcachedutil.so.2.0.0 > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 1033 Apr 17 03:09 libmemcachedutil.la > > > > > > > > > > > > > -rw-r--r-- 1 root > > > root 329582 Apr 17 03:09 libhashkit.a > > > > > > > > > > > > > -rw-r--r-- 1 root > > > root 3175600 Apr 17 03:09 libmemcached.a > > > > > > > > > > > > > -rw-r--r-- 1 root > > > root 220608 Apr 17 03:09 libmemcachedutil.a > > > > > > > > > > > > > drwxr-xr-x 2 root > > > root 4096 Apr 17 03:09 pkgconfig > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 485528 Apr 17 03:43 libsasl2.so.3.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 17 Apr 17 03:43 libsasl2.so.3 -> > > > > libsasl2.so.3.0.0 > > > > > > > > > > > > > lrwxrwxrwx 1 root > > > root 17 Apr 17 03:43 libsasl2.so -> libsasl2.so.3.0.0 > > > > > > > > > > > > > -rwxr-xr-x 1 root > > > root 652 Apr 17 03:43 libsasl2.la > > > > > > > > > > > > > > > cisco@dd17-ubuntu-namsoo:/usr/local/lib$ > > > > > > > > > > > > > > > > > > > > > > > > > Has anyone else seen > > > similar error while working with cyrus-sasl-2.1.27? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks > and Regards,Om Kale > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, > Apr 11, 2018 at 8:34 > > > PM, dormando <dorma...@rydia.net> wrote: > > > > > > > > > > > > > Hey, > > > > > > > > > > > > > > > > > > > > > > > > > Good to hear! good > > > luck. > > > > > > > > > > > > > > > > > > > > > > > > > SASL is the only > > > method. I sent a proposal to this mailing list yesterday > > > > > > > > > > > > > for authentication > > > tokens. > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, 11 Apr 2018, > > > Om Kale wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > Hey Dormando, > > > > > > > > > > > > > > Works like a charm > > > with Ubuntu. So its a MAC problem then. > > > > > > > > > > > > > > I also had an > > > additional question: > > > > > > > > > > > > > > In memcached, is > > > there any way of doing authentication without actually > > > > using the SASL library > > > > > > available. For > > > > > > > > example, > > > > > > > > > using some > > > > > > > > > > other > > > > > > > > > > > > > underlying ssl > > > > > > > > > > > > > > libraries. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks and > > > Regards,Om Kale > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Apr 11, 2018 > > > at 4:14 PM, dormando <dorma...@rydia.net> wrote: > > > > > > > > > > > > > > I don't see > > > anything wrong with it. Since you ultimately need this to > > > > run > > > > > > > > > > > > > > on ubuntu, why > > > don't you start testing with a VM? It might not matter > > > > at > > > > > > > > > > > > > > all if the > > > problem is just with the mac. > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, 11 Apr > > > 2018, Om Kale wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > Ah, I see. > > > This person on the memcached group also observed the > > > > same issue on Cent OS > > > > > (I see it > > > > > > on Mac > > > > > > > > OS) some > > > > > > > > > time > > > > > > > > > > back: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://groups.google.com/forum/#!topic/memcached/mtzcFVYahZo > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I have > > > attached my client program testsasl2.c with this mail. I > > > > don't see any errors in > > > > > the > > > > > > code. Please > > > > > > > > do let > > > > > > > > > me know > > > > > > > > > > if you > > > > > > > > > > > find > > > > > > > > > > > > > > anything. > > > > > > > > > > > > > > > > > > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to memcached+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to memcached+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to memcached+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
