Don Bosco Durai created SOLR-7824:
-------------------------------------
Summary: Make server kerberos subject available to authorization
plugin code
Key: SOLR-7824
URL: https://issues.apache.org/jira/browse/SOLR-7824
Project: Solr
Issue Type: Improvement
Components: security, Server
Affects Versions: 5.2
Reporter: Don Bosco Durai
[~ichattopadhyaya] and [~anshumg], thanks for implementing Kerberos
authentication in Solr as part of
https://issues.apache.org/jira/browse/SOLR-7468
Is it possible to make the kerberos subject used by the Solr process made
available to the authorization. It could be a static method which gives the
subject.
The reason being, in Apache Ranger implementation of the authorization plugin,
we also do Audit. When we want to write the audit logs to Kerberized HDFS or
Kerberized Solr, we have to read the jaas file again and create the
subject/principal. This requires the authorization code duplicate the tasks
done the by Solr server, which includes reading the jaas file and principal
from -D option or other config files. Since this might change over the period
of time, it is better to just reuse subject the Solr server creates for
interacting between the nodes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
