You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by mosheB <mo...@mail.com> on 2018/06/26 12:27:05 UTC
Configuring load balancer for Kerberised Solr cluster
We are trying to enable authentication mechanism in our Solr cluster using
Kerberos authentication plugin. We use Active Directory as our KDC, each
Solr node has its own SPN in the form of HTTP/<fqdn>@<REALM> and things are
working as expected.
Things are getting complicated while trying to configure our load balancer,
as there is no specific SPN to ask the KDC a ticket for (the balancer is
routing to multiple SPNs...)
As a solution we though to add the balancer's principal to each of the Solr
nodes (and to the keytab files of course) as follow:
-Dsolr.kerberos.principal=HTTP/solr_host.our.domain@OUR.REALM,HTTP/balancer_host.our.domain@OUR.REALM
But it seems impossible to config Solr with more than one SPN.
Is there any other workaround?
--
Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html