Jan H√łydahl commented on SOLR-9541:

Would you say PKI is less secure than, say, Kerberos? There is some value in 
the simplicity of this as well, no need to store any secrets in the configs etc?

> Support configurable authentication mechanism for internode communication
> -------------------------------------------------------------------------
>                 Key: SOLR-9541
>                 URL: https://issues.apache.org/jira/browse/SOLR-9541
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 5.3, 6.0
>            Reporter: Hrishikesh Gadre
> SOLR-7849 introduced PKI based authentication mechanism for internode 
> communication. The main reason for introducing SOLR-7849 was,
> >> Relying on every Authentication plugin to secure the internode 
> >> communication is error prone. 
> At Cloudera we are using Kerberos protocol for all communication without any 
> issues (i.e. between client/server as well as server/server). We should make 
> this internode authentication mechanism configurable (with default as PKI 
> based mechanism). This will allow users to decide the appropriate 
> authentication mechanism based on their security requirements.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to