You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Geza Nagy (Jira)" <ji...@apache.org> on 2021/03/09 17:21:00 UTC
[jira] [Created] (SOLR-15233) ConfigurableInternodeAuthHadoopPlugin
with Ranger is broken
Geza Nagy created SOLR-15233:
--------------------------------
Summary: ConfigurableInternodeAuthHadoopPlugin with Ranger is broken
Key: SOLR-15233
URL: https://issues.apache.org/jira/browse/SOLR-15233
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Geza Nagy
Attachments: Screenshot 2021-03-09 at 18.15.31.png, security.json
Setting up a cluster with multiple solr nodes with Kerberos using it for internode communication as well (attached security.json) and added Ranger as authorization plugin.
When sending requests the authentication happens against the end user but the authorization is for solr service user.
Tested two cases (3 nodes, have a collection with 2 replicas on 2 nodes of it):
1. send a query to a node where the collection has replica. Authorization is wrong every nodes
2. send a query to a node which doesn't contain a replica. The first place authorization is fine but when the query distributed it goes as solr service user issued.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org