[
https://issues.apache.org/jira/browse/SOLR-7468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ishan Chattopadhyaya updated SOLR-7468:
---------------------------------------
Attachment: SOLR-7468.patch
Updating the patch.
Now contains:
* A test based on MiniSolrCloudCluster with kerberos, using hadoop-minikdc. It
is sometimes fails due to minikdc, but with a real external KDC, always passes.
Need to look into why.
* Parameter names changed slightly.
* Adding a @lucene.experimental annotation to some of the classes.
Here is an example start command:
{noformat}
bin/solr -c -a "-Djava.security.auth.login.config=/home/ishan/jaas-client.conf
-Dsolr.kerberos.jaas.appname=SolrClient -Dcookie.domain=192.168.122.1
-Dkerberos.principal=HTTP/192.168.12...@example.com
-Dkerberos.keytab=/tmp/solr.keytab
-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin"
{noformat}
This starts the solr service with kerberos plugin. This can also be specified
at ZK (see SOLR-7275 for /security.json format). The jaas-client.conf is
specified at SOLR-7274.
TODO:
* SolrCLI changes
* Look into why the test fails sometimes
> Kerberos authentication module
> ------------------------------
>
> Key: SOLR-7468
> URL: https://issues.apache.org/jira/browse/SOLR-7468
> Project: Solr
> Issue Type: New Feature
> Components: security
> Reporter: Ishan Chattopadhyaya
> Attachments: SOLR-7468.patch, SOLR-7468.patch, SOLR-7468.patch
>
>
> SOLR-7274 introduces a pluggable authentication framework. This issue
> provides a Kerberos plugin implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
