Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-5148

Solr processors failing to authenticate against Kerberized Solr

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.7.0
    • Component/s: None
    • Labels:
      None

      Description

      It appears that with the new default value of "useSubjectCredsOnly=true" in NiFi's bootstrap.conf that this can cause an issue for the Solr processors when talking to a kerberized Solr.

      The SolrJ client code that we are using specifically calls this out as being problematic:

      https://github.com/apache/lucene-solr/blob/branch_6x/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientConfigurer.java#L75-L88

      We should refactor the kerberos approach in the Solr processors to resolve this issue and make general improvements. We should be performing a JAAS login and wrapping calls in Subject.doAs, and we should try and move away from the system level JAAS property and leverage the new keytab controller service.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bende Bryan Bende
                Reporter:
                bende Bryan Bende
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: