Clarification on Kerberos configuration for Gremlin Driver

I'm a little bit unclear on the role of the JAAS configuration file for the Gremlin client in the context of the gremlin-driver (rather than just the GremlinConsole). Looking at https://tinkerpop.apache.org/docs/current/reference/#krb5authenticator, is the naming convention around the jaasEntry name at all of relevance, or can any gremlin-driver assume the existence of a GremlinConsole jaas entry? I'm assuming the mapping here between jaasEntry name and gremlin-driver configuration is done by setting the jaasEntry value on the ClusterBuilder, but I'm just looking for confirmation on that!
4 Replies
spmallette 10mo ago
I honestly have no idea how that works.
gdotv 10mo ago
I'll be able to test this in more detail in the next couple of weeks, so I'll report back on findings if that doesn't align with my own understanding! The documentation does feel clear enough on the topic, I figured I'd double check just to be sure, I guess. For reference, these are the notes I made on how to add Kerberos auth support on G.V():
- Add ability to specify non-default krb5 and jaas configuration path in global G.V() settings (since they're driven, rightfully so, by system properties)
- Add principal name and service name prompts in the connection setup wizard if Kerb/TGT error is detected
- Add jaasEntry name prompt in the connection setup wizard
spmallette 9mo ago
Did you ever learn anything further on this?
gdotv 9mo ago
I think I've got the right theory on how to get this all to run. I actually need to find some volunteer to help me test this out. In the meantime, I've added a small but really useful feature in g.v for the upcoming release, which allows overriding Java system properties on the g.v Java backend. This should allow specifying non-standard paths for the jaas/krb5conf file paths. I just need to add some automatic detection of kerb-related auth errors in the auto-detect mechanism and a prompt for a service principal name + service name in the connection wizard. I was gonna send some messages in the general channels here and in JG to see if I can find someone with a Kerberos setup willing to test this out for me.