Noble Paul created SOLR-7849:
--------------------------------

             Summary: Secure Inter-node communication in a standard mechanism
                 Key: SOLR-7849
                 URL: https://issues.apache.org/jira/browse/SOLR-7849
             Project: Solr
          Issue Type: Sub-task
            Reporter: Noble Paul
            Assignee: Noble Paul


Relying on every Authentication plugin to secure the internode communication is 
error-prone. Solr can standardize the authentication so that only the first 
request that comes from outside the cluster needs to be authenticated by the 
authentication plugin.

The scheme to protect the communication will be as follows:

* Every Solr node creates an RSA key pair
* The private key is kept private and the public key is made available through 
a core admin API
* If authentication is enabled, every outgoing request will carry an extra 
header {{ SolrAuth : <nodename> encrypt_with_pvt_key(<original-user-principal> 
<timestamp>) }}
* If authentication is enabled, {{SolrDispatchFilter}} would look for this 
header and see the nodename
** If the public key of the nodename is available in cache, make a request to 
the node and fetch the public key
** If the public key has changed (because of a server restart), decryption fails 
and the public key is fetched again
* If the decryption succeeds, the user-name is set to what the header has 
encoded
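
The scheme above, sketched end to end as an added example (not part of the original issue and not Solr's own code). Assumptions: the class and method names are hypothetical, a `Map` stands in for the core admin API, the key is fetched on a cache miss, the encrypted value is Base64-encoded, and a 5-second freshness window is applied to the timestamp.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
public class SolrAuthHeaderDemo {
    static final long MAX_AGE_MS = 5000; // assumed freshness window, not from the issue
    static final Map<String, PublicKey> published = new HashMap<>(); // stand-in for the core admin API
    static final Map<String, PublicKey> cache = new HashMap<>();     // receiver-side key cache
    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }
    // Sender side: "<nodename> " + base64(encrypt_with_pvt_key("<principal> <timestamp>"))
    static String header(String node, PrivateKey pvt, String user, long ts) throws GeneralSecurityException {
        byte[] plain = (user + " " + ts).getBytes(StandardCharsets.UTF_8);
        return node + " " + Base64.getEncoder().encodeToString(rsa(Cipher.ENCRYPT_MODE, pvt, plain));
    }
    // Receiver side: returns the principal, or null when the header cannot be trusted.
    static String verify(String value, long now) {
        String[] parts = value.split(" ", 2);
        if (parts.length != 2) return null;
        for (int attempt = 0; attempt < 2; attempt++) {
            if (attempt == 1) cache.remove(parts[0]); // key may have changed after a restart: fetch again
            PublicKey key = cache.computeIfAbsent(parts[0], published::get);
            if (key == null) return null; // unknown node
            try {
                byte[] plain = rsa(Cipher.DECRYPT_MODE, key, Base64.getDecoder().decode(parts[1]));
                String s = new String(plain, StandardCharsets.UTF_8);
                int sp = s.lastIndexOf(' '); // the timestamp is the last space-separated field
                long ts = Long.parseLong(s.substring(sp + 1));
                return Math.abs(now - ts) <= MAX_AGE_MS ? s.substring(0, sp) : null;
            } catch (GeneralSecurityException | RuntimeException e) { /* retry once with a refetched key */ }
        }
        return null;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        String node = "node1:8983_solr"; // constructed node name
        long now = System.currentTimeMillis();
        for (int boot = 0; boot < 2; boot++) { // second pass simulates a restart with a new key pair
            KeyPair kp = gen.generateKeyPair();
            published.put(node, kp.getPublic());
            String h = header(node, kp.getPrivate(), "alice", now);
            System.out.println(verify(h, now) + " / replayed later: " + verify(h, now + 60_000));
        }
    }
}
```

Without the freshness check on the timestamp, a captured header would remain valid for as long as the node keeps the same key pair.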



