[
https://issues.apache.org/jira/browse/TINKERPOP-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15839791#comment-15839791
]
ASF GitHub Bot commented on TINKERPOP-1566:
-------------------------------------------
Github user mike-tr-adamson commented on the issue:
https://github.com/apache/tinkerpop/pull/534
I'm concerned about changing the `getMechanism` logic based on the failing
tests. The tests can legitimately fail both ways. It would be valid to fix
those tests so that they can fail on either a `ResponseException` or a
`GSSException`. As has already been said the difference in error being whether
the test finds any kerberos configuration that it can use.
The tests were failing on my machine for exactly the same reason - I had an
`/etc/krb5.conf` file.
I'm not that hung up on the change because you have to provide a
`JAAS_ENTRY` in order to use kerberos. It's more of a principal thing. The
tests were failing on my machine prior to this PR so the failure was not
related to any of these changes. As such they could be fixed outside of this PR
in which case the `getMechanism` change wouldn't be needed.
> Kerberos authentication for gremlin-server
> ------------------------------------------
>
> Key: TINKERPOP-1566
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1566
> Project: TinkerPop
> Issue Type: Improvement
> Components: server
> Reporter: Marc de Lignie
> Priority: Minor
> Labels: security
> Fix For: 3.3.0
>
>
> Gremlin server would benefit from an explicit Kerberos authentication plugin,
> because preparing and maintaining such a plugin is nontrivial. Also, many
> other Apache project provide kerberized services.
> In gremlin-console the standard Krb5LoginModule can be configured.
> Gremlin-server already includes the pluggable Sasl framework that can host
> the proposed Kerberos authentication plugin.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
