Hello, My question is about the Solr Sentry plugin in a Kerberos environment.
We are encountering an issue with the Solr Sentry plugin. The issue is more fully described in SENTRY-1703 <https://issues.apache.org/jira/browse/SENTRY-1703>, but here's the summary: We suspect that in a kerberized solr-sentry environment, a Solr create query containing multiple documents as part of the request creates multiple redundant sentry authorization checks (same user, same collection, same privilege) and hence multiple downstream KDC requests. In a high volume scenario, such as a multi-node spark cluster writing to Solr, this ends up creating a huge load on KDC and eventually sentry times out on a few random KDC requests, which causes it to fail to the clients with exceptions like "User X does not have privileges for Ycollection", which is an incorrect error because the client clearly has write privilege on the collection and it works at other times. The stacktraces and sample code to reproduce are attached to the bug. My question is: 1. Can someone kindly confirm the above mentioned hypothesis? 2. Suggest any pointers to work around this issue in the meantime? Thanks, Tushar.
