Description
ichattopadhyaya and anshumg, thanks for implementing Kerberos authentication in Solr as part of https://issues.apache.org/jira/browse/SOLR-7468
Is it possible to make the kerberos subject used by the Solr process made available to the authorization. It could be a static method which gives the subject.
The reason being, in Apache Ranger implementation of the authorization plugin, we also do Audit. When we want to write the audit logs to Kerberized HDFS or Kerberized Solr, we have to read the jaas file again and create the subject/principal. This requires the authorization code duplicate the tasks done the by Solr server, which includes reading the jaas file and principal from -D option or other config files. Since this might change over the period of time, it is better to just reuse subject the Solr server creates for interacting between the nodes.
Attachments
Issue Links
- relates to
-
SOLR-7468 Kerberos authentication module
- Closed