[
https://issues.apache.org/jira/browse/SOLR-8792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Rowe updated SOLR-8792:
-----------------------------
Attachment: SOLR-8792.patch
Couple changes from previous patch:
# {{server/solr/solr.xml}} now includes {{zkACLProvider}} and
{{zkCredentialsProvider}} config in the {{<solrcloud>}} section that pull in
the corresponding sysprops if defined, and defaults to the default
implementations if not. This way the user doesn't have to modify {{solr.xml}}
at all.
# The zkcli script additions are corrected to include {{zkACLProvider}} and
{{zkCredentialsProvider}} sysprops (previously didn't include them).
# Passwords in commented out ZK ACL config are now {{CHANGEME-ADMIN-PASSWORD}}
and {{CHANGEME-READONLY-PASSWORD}} (previously were {{admin-password}} and
{{readonly-password}}).
Manual testing on OS X looks good, will do some Windows testing before I commit.
> ZooKeeper ACL support broken
> ----------------------------
>
> Key: SOLR-8792
> URL: https://issues.apache.org/jira/browse/SOLR-8792
> Project: Solr
> Issue Type: Bug
> Components: Authentication, documentation
> Affects Versions: 5.0
> Reporter: Esther Quansah
> Assignee: Steve Rowe
> Labels: acl, authentication, security, zkcli, zkcli.sh, zookeeper
> Fix For: 6.1
>
> Attachments: SOLR-8792.patch, SOLR-8792.patch, SOLR-8792.patch
>
>
> The documentation presented here:
> https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control
> details the process of securing Solr content in ZooKeeper using ACLs. In the
> example usages, it is mentioned that access to zkcli can be restricted by
> adding credentials to the zkcli.sh script in addition to adding the
> appropriate classnames to solr.xml. With the scripts in zkcli.sh, another
> machine should not be able to read or write from the host ZK without the
> necessary credentials. At this time, machines are able to read/write from the
> host ZK with or without these credentials.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
