Kerberos authentication of gremlin console with Janusgraph server


Nikita Pande
 

Hi team,
 
Kerberos authentication of gremlin console with janusgraph version 0.6.0
 
I am facing an issue when trying to configure Kerberos auth of Gremlin Console with Janus as per https://tinkerpop.apache.org/docs/current/reference/#krb5authenticator. Currently, after kinit, I try to start Gremlin Console and run some traversals. Sometimes I get "Authenticator is not ready to handle requests", while sometimes it goes through while running the command: graph = JanusGraphFactory.open(''). It's very inconsistent. Please help me in resolving this.
 
Thanks and Regards, 
Nikita


hadoopmarc@...
 

Hi Nikita,

I do not understand: Krb5Authenticator runs inside Gremlin Server and authenticates users of gremlin clients (e.g. Gremlin Console). Why would you run JanusGraphFactory in the Gremlin Console if the graph is already opened server side?

Can you also check the logs of Gremlin Server and see if they give any additional hint about Krb5Authenticator?

Best wishes,   Marc


Nikita Pande
 

"Krb5Authenticator runs inside Gremlin Server and authenticates users of gremlin clients (e.g. Gremlin Console)." This is configured as part of gremlin-server.yaml.
When I run just "graph" alone from gremlin-console, I get the error "Authenticator is not ready to handle requests".
Whereas when I run JanusGraphFactory, it passes. Not sure why we get this. My current service keytab had 2 principals and I configured one. Will it create a problem?


hadoopmarc@...
 

Connecting gremlin console to gremlin server goes like:

cluster = Cluster.build(<hostname>).jaasEntry(<entry in gremlin-jaas.conf file>).protocol(<serverPrincipalName>).create()
and see https://tinkerpop.apache.org/docs/current/reference/#connecting-via-drivers how to use the cluster object.

Did you try this already?


Nikita Pande
 

Thanks for recommending this approach. However, I am getting the following error
when running gremlin> def list = client.submit("g.V()").all().get()
>>> CCacheInputStream: readFlags()
get normal credential
org.apache.tinkerpop.gremlin.driver.exception.ResponseException: Failure to initialize security context

Also, similarly, when I was running the following earlier, I was getting an inconsistent response:
1. :remote connect tinkerpop.server conf/remote.yaml
2. :remote console
3. graph=JanusGraphFactory.open("/root/janusgraph-0.6.0/conf/janusgraph-hbase.properties") sometimes works fine and returns the configured graph. However, sometimes when I repeat 1, 2, it gives the error "Failure to initialize security context".
 


hadoopmarc@...
 

You are mixing up two procedures:
  1. Gremlin Server Krb5Authenticator is for authenticating gremlin clients towards Gremlin Server. Apparently, you do not want it, so remove it from your configs.
  2. Apparently you are trying to have Gremlin Server authenticate against HBase. This has nothing to do with Gremlin Server's Krb5Authenticator. If the keytab for Gremlin Server is OK and a kinit was done on the Gremlin Server host with the right user, the hbase client of janusgraph-hbase, running on the Gremlin Server host, should be able to access the TGT and authenticate to HBase.

Best wishes,     Marc


Nikita Pande
 

Hi Marc,

In my case it's both: gremlin acts as client to kerberised hbase and gremlin acts as kerberised server to gremlin console/clients. Also, I have already tested hbase separately along with janus, and it works fine. Now I want to add kerberized authentication of janusserver on top of this. So I want gremlin console to get authenticated.

Thanks,
Nikita


hadoopmarc@...
 

Kerberos has a reputation for being complex. I would try to first get the pure TinkerPop example working, using the TinkerPop Gremlin-server and Gremlin Console distributions. Also check the log output of Gremlin Server in case of exceptions in Gremlin Console. The command graph = JanusGraphFactory.open('') is not the best example to start with in Gremlin Console. Better is g.V().limit(5).
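
Added example, not from any poster in this thread: a shell check that the principal configured for Krb5Authenticator is actually present in the service keytab (relevant when the keytab holds two principals) and that the client's `protocol` and hostname line up with it. It runs over constructed `klist -k` output; the principal names, host names, keytab path, and the reading of `protocol` as the service part of the server principal are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch. Principals, host names and the keytab path are
# constructed sample values, not taken from the thread.

# Constructed `klist -k` output (MIT Kerberos layout) for a service keytab
# holding two principals, as in the situation described above.
SAMPLE_KLIST='Keytab name: FILE:/path/to/service.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 gremlin-server/graph01.example.org@EXAMPLE.ORG
   2 hbase/graph01.example.org@EXAMPLE.ORG'

# Read `klist -k` (or `klist -kt`) output on stdin, print unique principals.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && $NF ~ /@/ { print $NF }' | sort -u
}

# check_krb5_setup KLIST_OUTPUT SERVER_PRINCIPAL CLIENT_PROTOCOL CLIENT_HOST
# Prints every mismatch found; returns 0 only when all checks pass.
check_krb5_setup() {
    klist_out=$1; principal=$2; protocol=$3; host=$4; rc=0
    case $principal in
        */*@*) ;;
        *) echo "expected service/host@REALM, got: $principal"; return 1 ;;
    esac
    service=${principal%%/*}          # part before the first "/"
    rest=${principal#*/}
    phost=${rest%%@*}                 # part between "/" and "@"
    # 1. The principal named in gremlin-server.yaml must exist in the keytab.
    if ! printf '%s\n' "$klist_out" | keytab_principals \
            | grep -Fxq -- "$principal"; then
        echo "principal not in keytab: $principal"; rc=1
    fi
    # 2. Assumption: the client's protocol setting is the service part.
    if [ "$protocol" != "$service" ]; then
        echo "client protocol '$protocol' != service part '$service'"; rc=1
    fi
    # 3. Assumption: clients connect with the principal's host name.
    if [ "$host" != "$phost" ]; then
        echo "client host '$host' != principal host '$phost'"; rc=1
    fi
    return $rc
}

# Usage with the constructed sample: prints "consistent".
check_krb5_setup "$SAMPLE_KLIST" \
    "gremlin-server/graph01.example.org@EXAMPLE.ORG" \
    gremlin-server graph01.example.org && echo "consistent"
```

On a real host, pass the output of `klist -k` for the server keytab as the first argument instead of the sample.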