Configuring load balancer for Kerberised Solr cluster

[mosheB <mo...@mail.com>]

We are trying to enable authentication mechanism in our Solr cluster using
Kerberos authentication plugin. We use Active Directory as our KDC, each
Solr node has its own SPN in the form of HTTP/<fqdn>@<REALM> and things are
working as expected.
Things are getting complicated while trying to configure our load balancer,
as there is no specific SPN to ask the KDC a ticket for (the balancer is
routing to multiple SPNs...)
As a solution we though to add the balancer's principal to each of the Solr
nodes (and to the keytab files of course) as follow:

-Dsolr.kerberos.principal=HTTP/solr_host.our.domain@OUR.REALM,HTTP/balancer_host.our.domain@OUR.REALM

But it seems impossible to config Solr with more than one SPN.
Is there any other workaround?






--
Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html