Posted to issues@solr.apache.org by "Geza Nagy (Jira)" <ji...@apache.org> on 2021/03/29 11:37:00 UTC

[jira] [Updated] (SOLR-15233) ConfigurableInternodeAuthHadoopPlugin with authorization is broken

     [ https://issues.apache.org/jira/browse/SOLR-15233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Geza Nagy updated SOLR-15233:
-----------------------------
    Summary: ConfigurableInternodeAuthHadoopPlugin with authorization is broken  (was: ConfigurableInternodeAuthHadoopPlugin with Ranger is broken)

> ConfigurableInternodeAuthHadoopPlugin with authorization is broken
> ------------------------------------------------------------------
>
>                 Key: SOLR-15233
>                 URL: https://issues.apache.org/jira/browse/SOLR-15233
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication, Authorization
>    Affects Versions: 8.4.1
>            Reporter: Geza Nagy
>            Priority: Major
>              Labels: authentication, authorization
>         Attachments: Screenshot 2021-03-09 at 18.15.31.png, security.json
>
>
> Set up a cluster with multiple Solr nodes with Kerberos, using it for internode communication as well (attached security.json), and added Ranger as the authorization plugin.
> When sending requests, the authentication happens against the end user but the authorization is for the solr service user.
> Tested two cases (3 nodes, with a collection that has 2 replicas on 2 of the nodes):
> 1. Send a query to a node where the collection has a replica. Authorization is wrong on every node.
> 2. Send a query to a node which doesn't contain a replica. In the first place authorization is fine, but when the query is distributed it goes as if issued by the solr service user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)