Reputation: 469
DSE Graph authentication error
On a fresh new installation, DSE Graph throws an error to Gremlin Console, complaining about authentication configuration.
Gremlin Console starts normally:
plugin activated: tinkerpop.tinkergraph
plugin activated: tinkerpop.server
plugin activated: tinkerpop.utilities
gremlin> :remote connect tinkerpop.server conf/remote.yaml
==>Configured cassan-1-vm.c.myklovr-dev.internal/10.128.0.4:8182
but when you try any operation against Gremlin Server, you get an error:
gremlin> :> 1+1
ERROR 18:11:25,717 Could not process the response javax.security.sasl.SaslException: Failure to initialize security context
at com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:149) ~[na:1.8.0_101]
at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63) ~[na:1.8.0_101]
at javax.security.sasl.Sasl.createSaslClient(Sasl.java:384) ~[na:1.8.0_101] ... Caused by: org.ietf.jgss.GSSException: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
at sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:129) ~[na:1.8.0_101]
at sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95) ~[na:1.8.0_101]
at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:203) ~[na:1.8.0_101]
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:477) ~[na:1.8.0_101]
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201) ~[na:1.8.0_101]
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170) ~[na:1.8.0_101]
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:138) ~[na:1.8.0_101]
at com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:107) ~[na:1.8.0_101]
... 27 common frames omitted Security error - check username/password and related settings
Question is: how to overcome this error?
This has already been tried:
- De-activate Kerberos authentication in dse.yaml
- Reset krb5.conf to a default file (the one in the DSE sandbox)
Upvotes: 0
Views: 618
Answers (2)
Reputation: 4227
I had similar problem too. The way I solved was by explicitly putting username and password. Ensure that your remote.yaml file dse/resources/graph/gremlin-console/conf/ has a structure similar to this.
You do not need to restart for it to take effect.
hosts: [localhost]
port: 8182
username: cassandra
password: cassandra
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0,
config: { serializeResultToString: true, ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistry] }}
connectionPool: {
maxContentLength: 65536000, enableSsl: false
}
Also listed here: https://docs.datastax.com/en/latest-dse/datastax_enterprise/sec/graphSec.html The three attributes I changed from the default remote.yaml are username, password, enableSsl
Upvotes: 2
Reputation: 469
We could not find a casuistic explanation for this.
As a workaround, we installed again from the datastax installer (instead of yum) and this problem did not happen.
Upvotes: 0
Related Questions
- Tinkerpop Gremlin server MissingPropertyException for SparkGraphComputer in remote mode
- Gremlin query works in TinkerGraph, JanusGraph and Neo4j but not in DSE Graph 6.8.1
- Issues getting correct data from gremlin server
- DSE Graph - Host did not respond in a timely fashion
- Error in running the command $ dse gremlin-console -i test.groovy
- GraphLoader is not working
- DSE Gremlin Console: Cannot modify schema
- Why isn't it possible to use DSE Authentication with Gremlin Server using the GraphSON serializer?
- Gremlin DSE Graph Error: schema.getClass()
- Trouble creating Datastax Studio connection