You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Ishan Chattopadhyaya (JIRA)" <ji...@apache.org> on 2017/01/19 00:59:26 UTC
[jira] [Updated] (SOLR-9513) Introduce a generic authentication
plugin which delegates all functionality to Hadoop authentication framework
[ https://issues.apache.org/jira/browse/SOLR-9513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ishan Chattopadhyaya updated SOLR-9513:
---------------------------------------
Attachment: SOLR-9513-deprecate-GenericHadoopAuthPlugin.patch
As I was working on the Ref Guide changes for this, I realized a confusing potential mistake has crept in. We have a GenericHadoopAuthPlugin class and a HadoopAuthPlugin class, both almost exact copies of each other. I guess this happened while trying to rename the plugin names before updating the PR [0], and I didn't notice at the time of commit.
The tests are based on HadoopAuthPlugin, and we already have an RC for 6.4 out (and this is not important enough to hold up the release).
Assuming my observations are correct and I'm not missing something, I propose the following now:
# We go forward documenting the HadoopAuthPlugin (and the ConfigurableInternodeAuthHadoopPlugin).
# We deprecate the GenericHadoopAuthPlugin, in favour of HadoopAuthPlugin.
[~hgadre], what do you think? I'm attaching a patch (master) for this proposed change, which we can commit using another issue (since this one is already potentially released as it is part of 6.4 RC).
[0] - https://github.com/apache/lucene-solr/pull/114.patch
> Introduce a generic authentication plugin which delegates all functionality to Hadoop authentication framework
> --------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-9513
> URL: https://issues.apache.org/jira/browse/SOLR-9513
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Hrishikesh Gadre
> Assignee: Ishan Chattopadhyaya
> Fix For: master (7.0), 6.4
>
> Attachments: SOLR-9513_6x.patch, SOLR-9513-deprecate-GenericHadoopAuthPlugin.patch, SOLR-9513.patch
>
>
> Currently Solr kerberos authentication plugin delegates the core logic to Hadoop authentication framework. But the configuration parameters required by the Hadoop authentication framework are hardcoded in the plugin code itself.
> https://github.com/apache/lucene-solr/blob/5b770b56d012279d334f41e4ef7fe652480fd3cf/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java#L119
> The problem with this approach is that we need to make code changes in Solr to expose new capabilities added in Hadoop authentication framework. e.g. HADOOP-12082
> We should implement a generic Solr authentication plugin which will accept configuration parameters via security.json (in Zookeeper) and delegate them to Hadoop authentication framework. This will allow to utilize new features in Hadoop without code changes in Solr.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org