How to ask memcached auth connection by sasl and pam?
Posted
by
user199216
on Server Fault
See other posts from Server Fault
or by user199216
Published on 2013-11-13T15:35:21Z
Indexed on
2013/11/13
15:58 UTC
Read the original article
Hit count: 856
I use memcached in a untrust network, so I try to use sasl and pam to auth connection to memcached.
I installed sasl and pam module, compiled and installed memcached with sasl enabled. Also I created db and table for pam user.
I run:
$ sudo testsaslauthd -u tester -p abc123 -s /etc/pam.d/memcached
0: OK "Success."
where the tester and abc123 is the authed user in db, which I inserted.
But my python script cannot be authed, always authentication failed returned. It seems it dose not use pam to authentication, still use sasldb, because when I add user by:
$ sudo saslpasswd2 -a memcached -c tester
and input password: abc123, It can passed.
Python script:
client = bmemcached.Client(('localhost:11211'), 'tester', 'abc123')
and error:
bmemcached.exceptions.MemcachedException: Code: 32 Message: Auth failure.
memcached log:
authenticated() in cmd 0x21 is true
mech: ``PLAIN'' with 14 bytes of data
SASL (severity 2): Password verification failed
sasl result code: -20
Unknown sasl response: -20
>30 Writing an error: Auth failure.
>30 Writing bin response:
no auth log found in: /var/log/auth.log
Configurations:
vi /etc/default/saslauthd
MECHANISMS="pam"
vi /etc/pam.d/memcached
auth sufficient pam_mysql.so user=sasl passwd=abc123 host=localhost db=sasldb table=sasl_user usercolumn=user_name passwdcolumn=password crypt=0 sqllog=1 verbose=1
account required pam_mysql.so user=sasl passwd=abc123 host=localhost db=sasldb table=sasl_user usercolumn=user_name passwdcolumn=password crypt=0 sqllog=1 verbose=1
vi /etc/sasl2/memcached.conf
pwcheck_method: saslauthd
Do I make my question clear, english is not my native language, sorry!
Any tips will be thankful!
© Server Fault or respective owner