You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Geza Nagy (Jira)" <ji...@apache.org> on 2021/03/09 17:21:00 UTC

[jira] [Created] (SOLR-15233) ConfigurableInternodeAuthHadoopPlugin with Ranger is broken

Geza Nagy created SOLR-15233:
--------------------------------

             Summary: ConfigurableInternodeAuthHadoopPlugin with Ranger is broken
                 Key: SOLR-15233
                 URL: https://issues.apache.org/jira/browse/SOLR-15233
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Geza Nagy
         Attachments: Screenshot 2021-03-09 at 18.15.31.png, security.json

Setting up a cluster with multiple solr nodes with Kerberos using it for internode communication as well (attached security.json) and added Ranger as authorization plugin.

When sending requests the authentication happens against the end user but the authorization is for solr service user.

Tested two cases (3 nodes, have a collection with 2 replicas on 2 nodes of it):
1. send a query to a node where the collection has replica. Authorization is wrong every nodes

2. send a query to a node which doesn't contain a replica. The first place authorization is fine but when the query distributed it goes as solr service user issued.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org