[
https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14650095#comment-14650095
]
Noble Paul commented on SOLR-7849:
----------------------------------
bq. How will node B be able to lookup the public key from core admin API of
node A if A requires B to also authenticate? Perhaps publish pub-key through ZK
instead of core admin?
The public-key will be available at every node through a standard end-point e.g
{{/admin/cores/key}} which will always be unprotected
bq.What should happen in multi-DC case; would cross cluster communication be
treated as "internal"?
That mechanism will have to be sorted out. Not a part of this ticket
e.g : node-A in DC1 cluster wants to lookup node-P in DC2 cluster. We will
publish the zk address of DC2 cluster in ZK of DC1 cluster and vice versa. This
way node-A will trust al nodes in DC2 cluster as well
bq.What would <original-user-principal> be in case the action is initiated by
Solr and not an external request?
It will be a standard string like {{'$'}} which means the node itself is the
principal
> Secure Inter-node communication in a standard mechanism
> --------------------------------------------------------
>
> Key: SOLR-7849
> URL: https://issues.apache.org/jira/browse/SOLR-7849
> Project: Solr
> Issue Type: Sub-task
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> Relying on every Authentication plugin to secure the internode communication
> is error prone. Solr can standardize the authentication so that only the
> first request that comes from outside the cluster needs to be authenticated
> by the authentication plugin
> The scheme to protect the communication will be as follows
> * Every Solr node creates a an RSA key pair
> * The private key is kept private and the public key is made available
> through a core admin API
> * If authentication is enabled , every outgoing request will carry an extra
> header {{ SolrAuth : <nodename>
> encrypt_with_pvt_key(<original-user-principal> <timestamp>) }}
> * If authentication is enabled {{SolrDispatchFilter}} would look for this
> header and see the nodename
> ** If the public key of the nodename is available in cache , make a request
> to the node and fetch the public key
> ** If the public key has changed (because of a server restart) decryption
> fails and the public keyis fetched again
> * If the decryption succeeds , the user-name is set to what the header has
> encoded
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
