[ 
https://issues.apache.org/jira/browse/SOLR-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16040600#comment-16040600
 ] 

Jan Høydahl commented on SOLR-9640:
-----------------------------------

bq. In master slave setup, how do you trust other nodes?
Good catch. I think that knowledge needs to be injected into each Solr node at 
startup, so PKI will not go on fetching pub key from a node that is not 
pre-defined.

Wrt trusting nodes in ZK, you can only if you somehow limit access to ZK. A 
wide open ZK can be tampered with, e.g. clients can stand up a new Solr node 
which then becomes trusted wrt PKI... How would this play out if ZK ACLs are in 
place? Would a Solr node with R/O ZK access be added to liveNodes if it 
attempts to join the cluster?

> Support PKI authentication and SSL in standalone-mode master/slave auth with 
> local security.json
> ------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-9640
>                 URL: https://issues.apache.org/jira/browse/SOLR-9640
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>              Labels: authentication, pki
>             Fix For: 6.6, master (7.0)
>
>         Attachments: SOLR-9640.patch, SOLR-9640.patch, SOLR-9640.patch, 
> SOLR-9640.patch, SOLR-9640.patch
>
>
> While working with SOLR-9481 I managed to secure Solr standalone on a 
> single-node server. However, when adding 
> {{&shards=localhost:8081/solr/foo,localhost:8082/solr/foo}} to the request, I 
> get 401 error. This issue will fix PKI auth to work for standalone, which 
> should automatically make both sharding and master/slave index replication 
> work.


