You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Don Bosco Durai (JIRA)" <ji...@apache.org> on 2015/07/23 20:03:04 UTC
[jira] [Created] (SOLR-7824) Make server kerberos subject available
to authorization plugin code
Don Bosco Durai created SOLR-7824:
-------------------------------------
Summary: Make server kerberos subject available to authorization plugin code
Key: SOLR-7824
URL: https://issues.apache.org/jira/browse/SOLR-7824
Project: Solr
Issue Type: Improvement
Components: security, Server
Affects Versions: 5.2
Reporter: Don Bosco Durai
[~ichattopadhyaya] and [~anshumg], thanks for implementing Kerberos authentication in Solr as part of https://issues.apache.org/jira/browse/SOLR-7468
Is it possible to make the kerberos subject used by the Solr process made available to the authorization. It could be a static method which gives the subject.
The reason being, in Apache Ranger implementation of the authorization plugin, we also do Audit. When we want to write the audit logs to Kerberized HDFS or Kerberized Solr, we have to read the jaas file again and create the subject/principal. This requires the authorization code duplicate the tasks done the by Solr server, which includes reading the jaas file and principal from -D option or other config files. Since this might change over the period of time, it is better to just reuse subject the Solr server creates for interacting between the nodes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org