How to ask memcached auth connection by sasl and pam?

Posted by user199216 on Server Fault See other posts from Server Fault or by user199216
Published on 2013-11-13T15:35:21Z Indexed on 2013/11/13 15:58 UTC
Read the original article Hit count: 856

Filed under:
|
|
|
|

I use memcached in a untrust network, so I try to use sasl and pam to auth connection to memcached.

I installed sasl and pam module, compiled and installed memcached with sasl enabled. Also I created db and table for pam user.

I run:

$ sudo testsaslauthd -u tester -p abc123 -s /etc/pam.d/memcached
0: OK "Success."

where the tester and abc123 is the authed user in db, which I inserted.

But my python script cannot be authed, always authentication failed returned. It seems it dose not use pam to authentication, still use sasldb, because when I add user by:

$ sudo saslpasswd2 -a memcached -c tester

and input password: abc123, It can passed.

Python script:

client = bmemcached.Client(('localhost:11211'), 'tester', 'abc123')

and error:

bmemcached.exceptions.MemcachedException: Code: 32 Message: Auth failure.

memcached log:

authenticated() in cmd 0x21 is true
mech:  ``PLAIN'' with 14 bytes of data
SASL (severity 2): Password verification failed
sasl result code:  -20
Unknown sasl response:  -20
>30 Writing an error: Auth failure.
>30 Writing bin response:

no auth log found in: /var/log/auth.log

Configurations:

  1. vi /etc/default/saslauthd

    MECHANISMS="pam"

  2. vi /etc/pam.d/memcached

    auth sufficient pam_mysql.so user=sasl passwd=abc123 host=localhost db=sasldb table=sasl_user usercolumn=user_name passwdcolumn=password crypt=0 sqllog=1 verbose=1

    account required pam_mysql.so user=sasl passwd=abc123 host=localhost db=sasldb table=sasl_user usercolumn=user_name passwdcolumn=password crypt=0 sqllog=1 verbose=1

  3. vi /etc/sasl2/memcached.conf

    pwcheck_method: saslauthd

Do I make my question clear, english is not my native language, sorry!

Any tips will be thankful!

© Server Fault or respective owner

Related posts about ubuntu

Related posts about authentication