[
https://issues.apache.org/jira/browse/TINKERPOP-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15699683#comment-15699683
]
Marc de Lignie commented on TINKERPOP-1566:
-------------------------------------------
Gremlin-console can only be configured for Kerberos authentication when a
"remote objects" connection is set up to gremlin server. With the
"serializeResultsToString" option, the Kerberos authentication fails with a
"java.lang.String cannot be cast to a byte[]" in the driver Handler, line 108
(actually, I only tested this in 3.1.1, but the offending evaluateChallenge
call is the same). I suppose this is a bug, since the presentation of query
results in the console is not supposed to interfere with the authentication
mechanism configured. @[~spmallette] Do you agree? How do you prefer this to be
handled, as a separate issue (because it also effects 3.1.x and 3.2.x) or as
part of the current TINKERPOP-1566 issue?
Cheers, Marc
> Kerberos authentication for gremlin-server
> ------------------------------------------
>
> Key: TINKERPOP-1566
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1566
> Project: TinkerPop
> Issue Type: Improvement
> Components: server
> Reporter: Marc de Lignie
> Priority: Minor
> Labels: security
> Fix For: 3.3.0
>
>
> Gremlin server would benefit from an explicit Kerberos authentication plugin,
> because preparing and maintaining such a plugin is nontrivial. Also, many
> other Apache project provide kerberized services.
> In gremlin-console the standard Krb5LoginModule can be configured.
> Gremlin-server already includes the pluggable Sasl framework that can host
> the proposed Kerberos authentication plugin.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
