Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13726

Krb5HttpClientBuilder avoid setting javax.security.auth.useSubjectCredsOnly

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Do
    • None
    • None
    • security, SolrJ
    • None

    Description

      Solr should avoid setting system properties that affect the entire JVM. Specifically "javax.security.auth.useSubjectCredsOnly" is one that can cause a bunch of issues if SolrJ is colocated with other Kerberos secured services.

      Krb5HttpClientBuilder changes the JVM default to false if it is not set. It is defaulting to true. This affects everything in the JVM. Since SolrJ is meant to be client side, we should avoid doing this.

      https://github.com/apache/solr/blob/main/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L154

      Attachments

        Issue Links

          is caused by

          New Feature - A new feature of the product, which has yet to be developed. SOLR-7468 Kerberos authentication module

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-5148 Solr processors failing to authenticate against Kerberized Solr

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              krisden Kevin Risden
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: