[
https://issues.apache.org/jira/browse/SOLR-9513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15829086#comment-15829086
]
Ishan Chattopadhyaya edited comment on SOLR-9513 at 1/19/17 3:59 AM:
---------------------------------------------------------------------
As I was working on the Ref Guide changes for this, I realized a confusing
potential mistake has crept in. We have a GenericHadoopAuthPlugin class and a
HadoopAuthPlugin class, both almost exact copies of each other. I guess this
happened while trying to rename the plugin names at the time of updating the PR
[0], and I didn't notice at the time of commit.
The tests are based on HadoopAuthPlugin, and we already have an RC for 6.4 out
(and this is not important enough to hold up the release).
Assuming my observations are correct and I'm not missing something, I propose
the following now:
# We go forward documenting the HadoopAuthPlugin (and the
ConfigurableInternodeAuthHadoopPlugin).
# We deprecate the GenericHadoopAuthPlugin, in favour of HadoopAuthPlugin.
[~hgadre], what do you think? I'm attaching a patch (master) for this proposed
change, which we can commit using -another issue (since this one is already
potentially released as it is part of 6.4 RC).- SOLR-9984.
[0] - https://github.com/apache/lucene-solr/pull/114.patch
was (Author: ichattopadhyaya):
As I was working on the Ref Guide changes for this, I realized a confusing
potential mistake has crept in. We have a GenericHadoopAuthPlugin class and a
HadoopAuthPlugin class, both almost exact copies of each other. I guess this
happened while trying to rename the plugin names at the time of updating the PR
[0], and I didn't notice at the time of commit.
The tests are based on HadoopAuthPlugin, and we already have an RC for 6.4 out
(and this is not important enough to hold up the release).
Assuming my observations are correct and I'm not missing something, I propose
the following now:
# We go forward documenting the HadoopAuthPlugin (and the
ConfigurableInternodeAuthHadoopPlugin).
# We deprecate the GenericHadoopAuthPlugin, in favour of HadoopAuthPlugin.
[~hgadre], what do you think? I'm attaching a patch (master) for this proposed
change, which we can commit using another issue (since this one is already
potentially released as it is part of 6.4 RC).
[0] - https://github.com/apache/lucene-solr/pull/114.patch
> Introduce a generic authentication plugin which delegates all functionality
> to Hadoop authentication framework
> --------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-9513
> URL: https://issues.apache.org/jira/browse/SOLR-9513
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Hrishikesh Gadre
> Assignee: Ishan Chattopadhyaya
> Fix For: master (7.0), 6.4
>
> Attachments: SOLR-9513_6x.patch,
> SOLR-9513-deprecate-GenericHadoopAuthPlugin.patch, SOLR-9513.patch
>
>
> Currently Solr kerberos authentication plugin delegates the core logic to
> Hadoop authentication framework. But the configuration parameters required by
> the Hadoop authentication framework are hardcoded in the plugin code itself.
> https://github.com/apache/lucene-solr/blob/5b770b56d012279d334f41e4ef7fe652480fd3cf/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java#L119
> The problem with this approach is that we need to make code changes in Solr
> to expose new capabilities added in Hadoop authentication framework. e.g.
> HADOOP-12082
> We should implement a generic Solr authentication plugin which will accept
> configuration parameters via security.json (in Zookeeper) and delegate them
> to Hadoop authentication framework. This will allow to utilize new features
> in Hadoop without code changes in Solr.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
