[ https://issues.apache.org/jira/browse/SOLR-9513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831208#comment-15831208 ]

Hrishikesh Gadre commented on SOLR-9513:
----------------------------------------

[~ichattopadhyaya] Thanks for the writeup!

Here are a couple of improvements:

* Can we add the configuration of proxy users in the examples? You can take a 
look at the following snippet for reference:
https://github.com/apache/lucene-solr/blob/a2131a9e1e3a22dec3ab2185c06999edac3e2f73/solr/core/src/test/org/apache/solr/security/hadoop/TestImpersonationWithHadoopAuth.java#L61

* Instead of

{noformat}
It must be noted that it is possible that the authentication configurations 
changes across Solr versions, depending
upon the version of Hadoop used within Solr and also as per the Hadoop 
authentication library's release cycle and
feature changes. If you require a more stable setup, in terms of configuration, 
ability to perform rolling upgrades,
backward compatibility etc., you could choose some of the other supported 
authentication plugins.
{noformat}



How about

{noformat}
Please note that the version of Hadoop library used by Solr is upgraded 
periodically. While Solr will ensure the
stability and backwards compatibility of the structure of the plugin 
configuration (viz. the parameter names of this
plugin), the values of these parameters may change based on the version of 
Hadoop library. Please review the
Hadoop documentation for the version used by your Solr installation for more 
details.

For some of the authentication schemes (e.g. kerberos), Solr provides a native 
implementation of authentication
plugin. If you require a more stable setup, in terms of configuration, ability 
to perform rolling upgrades,
backward compatibility etc., you should consider using such plugin. Please 
review _link_to_top_level_solr_auth_doc
for more details.
{noformat}


> Introduce a generic authentication plugin which delegates all functionality 
> to Hadoop authentication framework
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-9513
>                 URL: https://issues.apache.org/jira/browse/SOLR-9513
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Hrishikesh Gadre
>            Assignee: Ishan Chattopadhyaya
>             Fix For: master (7.0), 6.4
>
>         Attachments: SOLR-9513_6x.patch, 
> SOLR-9513-deprecate-GenericHadoopAuthPlugin.patch, SOLR-9513.patch
>
>
> Currently Solr kerberos authentication plugin delegates the core logic to 
> Hadoop authentication framework. But the configuration parameters required by 
> the Hadoop authentication framework are hardcoded in the plugin code itself. 
> https://github.com/apache/lucene-solr/blob/5b770b56d012279d334f41e4ef7fe652480fd3cf/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java#L119
> The problem with this approach is that we need to make code changes in Solr 
> to expose new capabilities added in Hadoop authentication framework. e.g. 
> HADOOP-12082
> We should implement a generic Solr authentication plugin which will accept 
> configuration parameters via security.json (in Zookeeper) and delegate them 
> to Hadoop authentication framework. This will allow us to utilize new features 
> in Hadoop without code changes in Solr.


