Skip to content

Add Kerberos sso docs#1607

Open
DavIvek wants to merge 5 commits intomemgraph-3-10from
add-kerberos-sso-docs
Open

Add Kerberos sso docs#1607
DavIvek wants to merge 5 commits intomemgraph-3-10from
add-kerberos-sso-docs

Conversation

@DavIvek
Copy link
Copy Markdown
Contributor

@DavIvek DavIvek commented Apr 29, 2026

Release note

Documents the new built-in Kerberos SSO auth module. Covers prerequisites (KDC, NTP, FQDN/PTR, SPN, keytab), server-side environment variables (core + LDAP-mode role mapping), enabling via --auth-module-mappings=kerberos, role mapping for both principal and ldap modes, a Docker end-to-end example, a Python driver client snippet, and a troubleshooting list.

Related product PRs

PRs from product repo this doc page is related to:
memgraph/memgraph#3916

Checklist:

  • Add appropriate milestone (current release cycle)
  • Add bugfix or feature label, based on the product PR type you're documenting
  • Make sure all relevant tech details are documented
  • Check all content with Grammarly
  • Perform a self-review of my code
  • The build passes locally
  • My changes generate no new warnings or errors

@DavIvek
Add docs for the Kerberos SSO auth module
ccffb52 
Documents the new built-in kerberos.py auth module from memgraph#3916:
prerequisites, server-side env-var configuration (core + LDAP-mode-only),
role-mapping for principal and ldap modes, a Docker end-to-end example,
a Neo4j Python driver client snippet, and a troubleshooting list.
@DavIvek DavIvek self-assigned this Apr 29, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 29, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
documentation Ready Ready Preview, Comment Apr 29, 2026 1:15pm

Request Review

@DavIvek DavIvek changed the base branch from main to memgraph-3-10 April 29, 2026 11:44
@DavIvek
Trim Python snippet + tighten LDAP_AUTH description
6a836d4 
- Match Neo4j's pattern: snippet only shows the connect call via
  kerberos_auth(); ticket acquisition is the user's problem. The
  single-leg / no-mutual-auth requirement moves to a Callout with
  concrete python-gssapi and Java pointers.
- LDAP_AUTH=gssapi description now spells out SASL/GSSAPI binding
  via the service keytab.
- pip install ldap3 (matches the module's own error message).
@DavIvek DavIvek marked this pull request as ready for review April 29, 2026 13:09
@DavIvek DavIvek mentioned this pull request Apr 29, 2026
Merged
@DavIvek DavIvek added this to the 3.10 milestone Apr 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vpavicic vpavicic Awaiting requested review from vpavicic vpavicic is a code owner

@gitbuda gitbuda Awaiting requested review from gitbuda gitbuda is a code owner

@Josipmrden Josipmrden Awaiting requested review from Josipmrden Josipmrden is a code owner

Assignees

@DavIvek DavIvek

Labels

None yet

Projects

None yet

Milestone

3.10

Development

Successfully merging this pull request may close these issues.

1 participant

@DavIvek