[ 
https://issues.apache.org/jira/browse/SOLR-10307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16054676#comment-16054676
 ] 

Michael Suzuki edited comment on SOLR-10307 at 6/19/17 8:23 PM:
----------------------------------------------------------------

[~manokovacs] I have upgraded and tried this feature on solr 7 and 6.x and 
found an issue... I am unable to make this work unless the password is "secret".
Any attempt to set a new password for my keystore or truststore is ignored. 
After reviewing the code and comments, I understand why you excluded the option 
to pass it as a system param.

The only way to get this to work is by setting the environment as follows:
{code}
export SOLR_SSL_TRUST_STORE_PASSWORD=bob
{code}
Please note that at runtime the value entered is ignored and instead it will 
take the value set in solr.ini.sh.
This seems to be a bit counterintuitive, making ssl setup more complicated and 
confusing. Is this the intended behaviour, or are we missing this export line in 
solr.sh? Again, thanks for adding this much needed feature!


was (Author: michaelsuzuki):
[~manokovacs] I have upgraded and tried this feature on solr 7 and 6.x and 
found an issue... I am unable to make this work unless the password is secret.
Any attempt to set a new password for my keystore or truststore is ignored. 
After reviewing the code and comments, I understand why you excluded the option 
to pass it as a system param.

The only way to get this to work is by setting the environment as follows:
{code}
export SOLR_SSL_TRUST_STORE_PASSWORD=bob
{code}
Please note that at runtime the value entered is ignored and instead it will 
take the value set in solr.ini.sh.
This seems to be a bit counterintuitive, making ssl setup more complicated and 
confusing. Is this the intended behaviour, or are we missing this export line in 
solr.sh? Again, thanks for adding this much needed feature!

> Provide SSL/TLS keystore password a more secure way
> ---------------------------------------------------
>
>                 Key: SOLR-10307
>                 URL: https://issues.apache.org/jira/browse/SOLR-10307
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Mano Kovacs
>            Assignee: Mark Miller
>             Fix For: master (7.0), 6.7
>
>         Attachments: SOLR-10307.patch, SOLR-10307.patch, SOLR-10307.patch
>
>
> Currently the only way to pass server and client side SSL keystore and 
> truststore passwords is to set specific environment variables that will be 
> passed as system properties, through command line parameter.
> First option is to pass passwords through environment variables which gives a 
> better level of protection. Second option would be to use hadoop credential 
> provider interface to access credential store.


