[ https://issues.apache.org/jira/browse/SOLR-9541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15509706#comment-15509706 ]
Noble Paul edited comment on SOLR-9541 at 9/21/16 12:03 PM: ------------------------------------------------------------ What do you mean? The documentation says it clearly {code} This kicks in when there is any request going on between 2 Solr nodes. It is enabled only when the Authentication plugin does not wish to handle inter-node security (only BasicAuthPlugin as of now) {code} If your AuthenticationPlugin implements {{HttpClientInterceptorPlugin}}, it can handle security of internode requests was (Author: noble.paul): bq.Relying on every Authentication plugin to secure the internode communication is error prone. What do you mean? The documentation says it clearly {code} This kicks in when there is any request going on between 2 Solr nodes. It is enabled only when the Authentication plugin does not wish to handle inter-node security (only BasicAuthPlugin as of now) {code} If your AuthenticationPlugin implements {{HttpClientInterceptorPlugin}}, it can handle security of internode requests > Support configurable authentication mechanism for internode communication > ------------------------------------------------------------------------- > > Key: SOLR-9541 > URL: https://issues.apache.org/jira/browse/SOLR-9541 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Affects Versions: 5.3, 6.0 > Reporter: Hrishikesh Gadre > > SOLR-7849 introduced PKI based authentication mechanism for internode > communication. The main reason for introducing SOLR-7849 was, > >> Relying on every Authentication plugin to secure the internode > >> communication is error prone. > At Cloudera we are using Kerberos protocol for all communication without any > issues (i.e. between client/server as well as server/server). We should make > this internode authentication mechanism configurable (with default as PKI > based mechanism). This will allow users to decide the appropriate > authentication mechanism based on their security requirements. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org