Noble Paul commented on SOLR-9541:

bq.Relying on every Authentication plugin to secure the internode communication 
is error prone.

What do you mean? The documentation says it clearly

This kicks in when there is any request going on between 2 Solr nodes. It is 
enabled only when the Authentication plugin does not wish to handle inter-node 
security (only BasicAuthPlugin as of now)  

If your AuthenticationPlugin implements {{HttpClientInterceptorPlugin}}, it can 
handle security of internode requests

> Support configurable authentication mechanism for internode communication
> -------------------------------------------------------------------------
>                 Key: SOLR-9541
>                 URL: https://issues.apache.org/jira/browse/SOLR-9541
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 5.3, 6.0
>            Reporter: Hrishikesh Gadre
> SOLR-7849 introduced PKI based authentication mechanism for internode 
> communication. The main reason for introducing SOLR-7849 was,
> >> Relying on every Authentication plugin to secure the internode 
> >> communication is error prone. 
> At Cloudera we are using Kerberos protocol for all communication without any 
> issues (i.e. between client/server as well as server/server). We should make 
> this internode authentication mechanism configurable (with default as PKI 
> based mechanism). This will allow users to decide the appropriate 
> authentication mechanism based on their security requirements.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to