[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-09 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14679091#comment-14679091 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694867 from [~noble.paul] in branch 'dev/trunk'
[ https://svn.apache.org/r1694867 ]

SOLR-7849: Hardening tests

 Secure Inter-node communication in a standard mechanism
 

 Key: SOLR-7849
 URL: https://issues.apache.org/jira/browse/SOLR-7849
 Project: Solr
 Issue Type: Sub-task
 Reporter: Noble Paul
 Assignee: Noble Paul
 Fix For: 5.3, Trunk

 Attachments: SOLR-7849.patch, SOLR-7849.patch, SOLR-7849.patch, SOLR-7849.patch


 Relying on every Authentication plugin to secure the internode communication 
 is error prone. Solr can standardize the authentication so that only the 
 first request that comes from outside the cluster needs to be authenticated 
 by the authentication plugin.
 The scheme to protect the communication will be as follows:
 * Every Solr node creates an RSA key pair
 * The private key is kept private and the public key is made available through a core admin API
 * If authentication is enabled, every outgoing request will carry an extra header {{ SolrAuth : nodename encrypt_with_pvt_key(original-user-principal timestamp) }}
 * If authentication is enabled, {{SolrDispatchFilter}} would look for this header and see the nodename
 ** If the public key of the nodename is available in cache, make a request to the node and fetch the public key
 ** If the public key has changed (because of a server restart), decryption fails and the public key is fetched again
 * If the decryption succeeds, the user-name is set to what the header has encoded



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org



[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-09 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14679093#comment-14679093 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694868 from [~noble.paul] in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1694868 ]

SOLR-7849: Hardening tests




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-07 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14661817#comment-14661817 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694683 from [~noble.paul] in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1694683 ]

SOLR-7849: avoid re-registering pkiAuthentication plugin http interceptor




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-07 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14661812#comment-14661812 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694681 from [~noble.paul] in branch 'dev/trunk'
[ https://svn.apache.org/r1694681 ]

SOLR-7849: avoid re-registering pkiAuthentication plugin http interceptor




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-07 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14661772#comment-14661772 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694673 from [~noble.paul] in branch 'dev/trunk'
[ https://svn.apache.org/r1694673 ]

SOLR-7849: Verify all nodes have received the new security config




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-07 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14661776#comment-14661776 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694675 from [~noble.paul] in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1694675 ]

SOLR-7849: Verify all nodes have received the new security config




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-05 Thread Ishan Chattopadhyaya (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14655245#comment-14655245 ]

Ishan Chattopadhyaya commented on SOLR-7849:


+1, looks great!

Here are some minor issues:
1.
{noformat}
  private void addHttpConfigurer(Object authcPlugin) {
  ...
  log.info("Reconfiguring the shard handler factory and update shard handler.");
{noformat}
Can we change it to: 
{noformat}
  log.info("Reconfiguring the httpclients of shard handler factory and update shard handler.");
{noformat}

2.
{noformat}
  private void addHttpConfigurer(Object authcPlugin) {
    log.info("addHttpConfigurer()");//TODO no commit
{noformat}

I don't see any reason for the nocommit here. Is there something missing still?

3. 
I think in SDF's `doFilter()`,
{noformat}
if (cores.getAuthenticationPlugin() != null) {
{noformat}
should be
{noformat}
if (cores != null && cores.getAuthenticationPlugin() != null) {
{noformat}
This is for those requests that come in even before the init() has finished 
execution.

4. In PKIAuthenticationPlugin,
{noformat}
  private int maxValidity = 5000;
{noformat}
Am I correct in my understanding that the received internode request's 
timestamp and current timestamp shouldn't be more than this maxValidity? If 
that's true, I think an out of the box default of 5 secs is too low. Also, 
shouldn't this be configurable?

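
A minimal model of the header scheme from the issue description and of the timestamp window raised in point 4 of the review above, as an added example that is not Solr's own code. The class name, the Base64 encoding of the header value and the `fetchKey` callback (standing in for the HTTP public-key lookup) are assumptions; the receiver fetches a key on a cache miss or when decryption fails.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import javax.crypto.Cipher;

public class InterNodeAuthSketch {
  static final long MAX_VALIDITY_MS = 5000;   // the maxValidity default quoted in the review
  static final String RSA = "RSA/ECB/PKCS1Padding";

  /** Sender side: value of the SolrAuth header, "nodename base64(rsa(principal timestamp))". */
  static String buildHeader(String node, PrivateKey key, String principal, long nowMs)
      throws GeneralSecurityException {
    Cipher c = Cipher.getInstance(RSA);
    c.init(Cipher.ENCRYPT_MODE, key);            // private-key operation, as the issue words it
    byte[] body = (principal + " " + nowMs).getBytes(StandardCharsets.UTF_8);
    return node + " " + Base64.getEncoder().encodeToString(c.doFinal(body));
  }

  /** Returns the plaintext, or null when the key does not match the ciphertext. */
  static byte[] open(PublicKey key, byte[] data) {
    if (key == null) return null;
    try {
      Cipher c = Cipher.getInstance(RSA);
      c.init(Cipher.DECRYPT_MODE, key);
      return c.doFinal(data);
    } catch (GeneralSecurityException e) {
      return null;
    }
  }

  /** Receiver side: what a dispatch filter would do with the header. */
  static class Receiver {
    private final Map<String, PublicKey> keyCache = new ConcurrentHashMap<>();
    private final Function<String, PublicKey> fetchKey; // hypothetical stand-in for the HTTP key lookup

    Receiver(Function<String, PublicKey> fetchKey) { this.fetchKey = fetchKey; }

    /** Returns the authenticated principal, or null if the header must be rejected. */
    String authenticate(String header, long nowMs) {
      String[] parts = header.trim().split(" ", 2);
      if (parts.length != 2) return null;
      byte[] data;
      try {
        data = Base64.getDecoder().decode(parts[1]);
      } catch (IllegalArgumentException e) {
        return null;
      }
      PublicKey key = keyCache.get(parts[0]);
      byte[] plain = open(key, data);
      if (plain == null) {                       // cache miss, or the sender restarted with a new key
        key = fetchKey.apply(parts[0]);
        if (key == null) return null;
        keyCache.put(parts[0], key);
        plain = open(key, data);
        if (plain == null) return null;          // still undecryptable: not produced by that node's key
      }
      String text = new String(plain, StandardCharsets.UTF_8);
      int sep = text.lastIndexOf(' ');
      if (sep <= 0) return null;
      long sentMs;
      try {
        sentMs = Long.parseLong(text.substring(sep + 1));
      } catch (NumberFormatException e) {
        return null;
      }
      if (Math.abs(nowMs - sentMs) > MAX_VALIDITY_MS) return null; // stale or replayed header
      return text.substring(0, sep);
    }
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair[] served = { gen.generateKeyPair() }; // key node-A currently publishes
    Receiver nodeB = new Receiver(node -> served[0].getPublic());
    long now = 1_438_900_000_000L;                // constructed clock value

    String h = buildHeader("node-A", served[0].getPrivate(), "alice", now);
    System.out.println("fresh header:      " + nodeB.authenticate(h, now + 100));
    System.out.println("replayed after 6s: " + nodeB.authenticate(h, now + 6000));

    served[0] = gen.generateKeyPair();            // node-A restarts and gets a new key pair
    String h2 = buildHeader("node-A", served[0].getPrivate(), "$", now); // "$": node itself
    System.out.println("after key change:  " + nodeB.authenticate(h2, now));

    PrivateKey rogue = gen.generateKeyPair().getPrivate(); // key node-A never published
    String forged = buildHeader("node-A", rogue, "admin", now);
    System.out.println("unknown key:       " + nodeB.authenticate(forged, now));
  }
}
```

Every undecryptable header costs this receiver one key fetch, so a production filter would want to bound refetches per node name. `java.security.Signature` is the conventional primitive for what the issue calls encrypting with the private key.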



[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-05 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14658249#comment-14658249 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694217 from [~noble.paul] in branch 'dev/trunk'
[ https://svn.apache.org/r1694217 ]

SOLR-7849: Solr-managed inter-node authentication when authentication enabled




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-05 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14658329#comment-14658329 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694239 from [~noble.paul] in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1694239 ]

SOLR-7849: Solr-managed inter-node authentication when authentication enabled




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-05 Thread Ishan Chattopadhyaya (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14658336#comment-14658336 ]

Ishan Chattopadhyaya commented on SOLR-7849:


There is still a TODO: no commit in CoreContainer.java.




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-05 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14658358#comment-14658358 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694247 from [~noble.paul] in branch 'dev/branches/branch_5x'
[ https://svn.apache.org/r1694247 ]

SOLR-7849: Predicate is not available in java 7




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-08-05 Thread ASF subversion and git services (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14658372#comment-14658372 ]

ASF subversion and git services commented on SOLR-7849:
---

Commit 1694250 from [~noble.paul] in branch 'dev/branches/lucene_solr_5_3'
[ https://svn.apache.org/r1694250 ]

SOLR-7849: Predicate is not available in java 7




[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-07-31 Thread Noble Paul (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14650095#comment-14650095 ]

Noble Paul commented on SOLR-7849:
--

bq. How will node B be able to lookup the public key from core admin API of 
node A if A requires B to also authenticate? Perhaps publish pub-key through ZK 
instead of core admin?

The public-key will be available at every node through a standard end-point, e.g. 
{{/admin/cores/key}}, which will always be unprotected.

bq. What should happen in multi-DC case; would cross cluster communication be 
treated as internal? 

That mechanism will have to be sorted out. Not a part of this ticket.

e.g.: node-A in DC1 cluster wants to lookup node-P in DC2 cluster. We will 
publish the zk address of DC2 cluster in ZK of DC1 cluster and vice versa. This 
way node-A will trust all nodes in DC2 cluster as well.

bq. What would original-user-principal be in case the action is initiated by 
Solr and not an external request?

It will be a standard string like {{'$'}} which means the node itself is the 
principal.





[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

2015-07-31 Thread Jan Høydahl (JIRA)

[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14650012#comment-14650012 ]

Jan Høydahl commented on SOLR-7849:
---

Interesting idea. How will node B be able to lookup the public key from core 
admin API of node A if A requires B to also authenticate? Perhaps publish 
pub-key through ZK instead of core admin?
What should happen in multi-DC case; would cross cluster communication be 
treated as internal? What would original-user-principal be in case the 
action is initiated by Solr and not an external request?
