You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by Terry Steichen <te...@net-frame.com> on 2018/03/30 02:28:48 UTC

Resetting Authentication/Authorization

When I set up the initial authentications and authorizations (I'm using
6.6.0 and running in cloud mode.), I call "bin/solr auth enable
-credentials xxx:yyy".  I then use a series of additional API calls ( to
create additional users and permissions).  This creates my desired
security environment (and, BTW, it seems to function as it should).

If I restart solr, it appears I must reactivate it with the same
'bin/solr auth enable -credentials xxx:yyy' command.  But, it seems that
when solr is restarted this way, only the authorizations are retained
persistently.  But the authentications have to be created again from
scratch.

I would like to (somehow) capture the authentication/authorization
information (probably in a security.json file?) and then (somehow)
reload it when there's a restart. 

Can that be done?

Re: Resetting Authentication/Authorization

Posted by Shawn Heisey <ap...@elyograg.org>.

On 3/29/2018 8:28 PM, Terry Steichen wrote:
> When I set up the initial authentications and authorizations (I'm using
> 6.6.0 and running in cloud mode.), I call "bin/solr auth enable
> -credentials xxx:yyy".

What does this command output?  There should definitely be something 
output when that command is run.  I don't know if it will be a lot of 
output or a little bit, but whatever it is, can you provide it?

> I then use a series of additional API calls ( to
> create additional users and permissions).  This creates my desired
> security environment (and, BTW, it seems to function as it should).

Can you elaborate on exactly what you did when you say "a series of 
additional API calls"?

> If I restart solr, it appears I must reactivate it with the same
> 'bin/solr auth enable -credentials xxx:yyy' command.  But, it seems that
> when solr is restarted this way, only the authorizations are retained
> persistently.  But the authentications have to be created again from
> scratch.

Enabling the authentication when running in cloud mode should upload a 
"security.json" file to zookeeper.  It should also write some variables 
to your solr.in.sh file, so that future usage of the bin/solr tool can 
provide the authentication that is required.

Thanks,
Shawn