[
https://issues.apache.org/jira/browse/SOLR-8792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15240926#comment-15240926
]
Ishan Chattopadhyaya commented on SOLR-8792:
--------------------------------------------
Actually, that default ACL provider log message was misleading. It is not for
the default ZK client, but only for a short lived client that is used to fetch
the solr.xml from ZK (if present). I can see that the VM params based ACL
provider is kicking in.
However, in my efforts to have SolrCLI work, now I am dealing with another
problem: SolrCLI doesn't get the ZK username/password passed in by the bin/solr
script while creating collections, and hence collection creation is failing.
Looking into that for now.
> ZooKeeper ACL not restricting access to zkcli
> ---------------------------------------------
>
> Key: SOLR-8792
> URL: https://issues.apache.org/jira/browse/SOLR-8792
> Project: Solr
> Issue Type: Bug
> Components: Authentication, documentation
> Affects Versions: 5.0
> Reporter: Esther Quansah
> Labels: acl, authentication, security, zkcli, zkcli.sh, zookeeper
>
> The documentation presented here:
> https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control
> details the process of securing Solr content in ZooKeeper using ACLs. In the
> example usages, it is mentioned that access to zkcli can be restricted by
> adding credentials to the zkcli.sh script in addition to adding the
> appropriate classnames to solr.xml. With the scripts in zkcli.sh, another
> machine should not be able to read or write from the host ZK without the
> necessary credentials. At this time, machines are able to read/write from the
> host ZK with or without these credentials.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
