[
https://issues.apache.org/jira/browse/SOLR-9541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15999979#comment-15999979
]
Jan Høydahl commented on SOLR-9541:
-----------------------------------
Giving a ping on this issue in light of the new security vulnerability
reported, that existing Solr nodes will accept requests from an attacker who
pretends to be another Solr node with PKI...
> Support configurable authentication mechanism for internode communication
> -------------------------------------------------------------------------
>
> Key: SOLR-9541
> URL: https://issues.apache.org/jira/browse/SOLR-9541
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 5.3, 6.0
> Reporter: Hrishikesh Gadre
>
> SOLR-7849 introduced PKI based authentication mechanism for internode
> communication. The main reason for introducing SOLR-7849 was,
> >> Relying on every Authentication plugin to secure the internode
> >> communication is error prone.
> At Cloudera we are using Kerberos protocol for all communication without any
> issues (i.e. between client/server as well as server/server). We should make
> this internode authentication mechanism configurable (with default as PKI
> based mechanism). This will allow users to decide the appropriate
> authentication mechanism based on their security requirements.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
