You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Kevin Risden (Jira)" <ji...@apache.org> on 2019/09/05 15:27:00 UTC
[jira] [Updated] (SOLR-13726) Krb5HttpClientBuilder avoid setting
javax.security.auth.useSubjectCredsOnly
[ https://issues.apache.org/jira/browse/SOLR-13726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Risden updated SOLR-13726:
--------------------------------
Component/s: security
> Krb5HttpClientBuilder avoid setting javax.security.auth.useSubjectCredsOnly
> ---------------------------------------------------------------------------
>
> Key: SOLR-13726
> URL: https://issues.apache.org/jira/browse/SOLR-13726
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security, SolrJ
> Reporter: Kevin Risden
> Priority: Major
>
> Solr should avoid setting system properties that affect the entire JVM. Specifically "javax.security.auth.useSubjectCredsOnly" is one that can cause a bunch of issues if SolrJ is colocated with other Kerberos secured services.
> Krb5HttpClientBuilder changes the JVM default to false if it is not set. It is defaulting to true. This affects everything in the JVM. Since SolrJ is meant to be client side, we should avoid doing this.
> [https://github.com/apache/lucene-solr/blame/master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L144]
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org