Using DSE Graph and Gremlin console with Kerberos
To run DSE Graph in a secure environment with Kerberos authentication, configure Graph remote.yaml properties.
| For related details, see remote.yaml configuration file. | 
- 
Set the following Kerberos parameters in remote.yaml: hosts: [<KMS_hostname>] username: *null* password: *null* jaasEntry: DseClient # protocol is the the same as the service_principal set in dse.yaml protocol: <kerberos_principal_name>Leave the usernameandpasswordvalues for Kerberos unset (null). The connector ignores nullusernameandpasswordparameters.
- 
Create a JAAS configuration file for DseClientthat defines whether to use a keytab or ticket cache.The default JAAS config file and location is ~/.java.login.config. - 
Ticket cache DseClient { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true; };
- 
Keytab file DseClient { com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true keyTab="<file_path>" useTicketCache=false; };
 
- 
- 
(Optional) To use an alternate file name or location for the JAAS configuration file, add it to the system properties using an environment variable before starting the Gremlin console: export JAVA_OPTIONS="$JAVA_OPTIONS -Djava.security.auth.login.config=<path_to_file>"Required if the file is not in the default location, ~/.java.login.config. 
For related information, see Defining a Kerberos scheme.
Other authentication options for Graph and Gremlin console
For information about other ways to secure Graph data or the Gremlin console:
- 
Internal auth: see About roles. 
- 
LDAP: see Defining an LDAP scheme and the ldap_optionskey in dse.yaml. Also refer to Creating roles for LDAP mode.
- 
Roles: see Managing access to DSE Graph keyspaces to control access to DSE Graph keyspaces and tables. 
- 
Encryption: - 
TDE: see encrypt data in DSE Graph index tables using Transparent Data Encryption (TDE). 
- 
SSL: see Securing client to cluster connections to encrypt database connections for inflight DSE Graph data. 
 
- 
- 
JMX: see Configuring JMX authentication. 
