You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Don Bosco Durai (JIRA)" <ji...@apache.org> on 2015/07/23 20:03:04 UTC

[jira] [Created] (SOLR-7824) Make server kerberos subject available to authorization plugin code

Don Bosco Durai created SOLR-7824:
-------------------------------------

             Summary: Make server kerberos subject available to authorization plugin code
                 Key: SOLR-7824
                 URL: https://issues.apache.org/jira/browse/SOLR-7824
             Project: Solr
          Issue Type: Improvement
          Components: security, Server
    Affects Versions: 5.2
            Reporter: Don Bosco Durai


[~ichattopadhyaya] and [~anshumg], thanks for implementing Kerberos authentication in Solr as part of https://issues.apache.org/jira/browse/SOLR-7468

Is it possible to make the kerberos subject used by the Solr process made available to the authorization. It could be a static method which gives the subject.

The reason being, in Apache Ranger implementation of the authorization plugin, we also do Audit. When we want to write the audit logs to Kerberized HDFS or Kerberized Solr, we have to read the jaas file again and create the subject/principal. This requires the authorization code duplicate the tasks done the by Solr server, which includes reading the jaas file and principal from -D option or other config files. Since this might change over the period of time, it is better to just reuse subject the Solr server creates for interacting between the nodes.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org