You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2017/05/07 18:08:04 UTC
[jira] [Commented] (SOLR-9541) Support configurable authentication
mechanism for internode communication
[ https://issues.apache.org/jira/browse/SOLR-9541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15999979#comment-15999979 ]
Jan Høydahl commented on SOLR-9541:
-----------------------------------
Giving a ping on this issue in light of the new security vulnerability reported, that existing Solr nodes will accept requests from an attacker who pretends to be another Solr node with PKI...
> Support configurable authentication mechanism for internode communication
> -------------------------------------------------------------------------
>
> Key: SOLR-9541
> URL: https://issues.apache.org/jira/browse/SOLR-9541
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 5.3, 6.0
> Reporter: Hrishikesh Gadre
>
> SOLR-7849 introduced PKI based authentication mechanism for internode communication. The main reason for introducing SOLR-7849 was,
> >> Relying on every Authentication plugin to secure the internode communication is error prone.
> At Cloudera we are using Kerberos protocol for all communication without any issues (i.e. between client/server as well as server/server). We should make this internode authentication mechanism configurable (with default as PKI based mechanism). This will allow users to decide the appropriate authentication mechanism based on their security requirements.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org