  1. Solr
  2. SOLR-7824

Make server kerberos subject available to authorization plugin code

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 5.2
    • None
    • security, Server
    • None

    Description

      ichattopadhyaya and anshumg, thanks for implementing Kerberos authentication in Solr as part of https://issues.apache.org/jira/browse/SOLR-7468

      Is it possible to make the Kerberos subject used by the Solr process available to the authorization? It could be a static method which gives the subject.

      The reason being, in the Apache Ranger implementation of the authorization plugin, we also do audit. When we want to write the audit logs to Kerberized HDFS or Kerberized Solr, we have to read the JAAS file again and create the subject/principal. This requires the authorization code to duplicate the tasks done by the Solr server, which includes reading the JAAS file and principal from the -D option or other config files. Since this might change over a period of time, it is better to just reuse the subject the Solr server creates for interacting between the nodes.
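
The duplicated login the description refers to looks roughly like the sketch below. It is an added illustration, not code from Solr or Apache Ranger; the class name, the `audit.jaas.appname` property and the default entry name `Client` are assumptions.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical helper: the second Kerberos login an audit writer has to perform itself. */
public final class AuditKerberosLogin {
    // Assumption: name of the JAAS entry to use; it must match whatever the server's jaas file defines.
    private static final String JAAS_ENTRY = System.getProperty("audit.jaas.appname", "Client");

    private static volatile Subject cached;

    private AuditKerberosLogin() {}

    /** Logs in once, using the file named by -Djava.security.auth.login.config. */
    public static Subject subject() throws LoginException {
        Subject s = cached;
        if (s == null) {
            synchronized (AuditKerberosLogin.class) {
                if (cached == null) {
                    String jaasFile = System.getProperty("java.security.auth.login.config");
                    if (jaasFile == null) {
                        throw new LoginException("java.security.auth.login.config is not set");
                    }
                    // Fail with a clear message instead of silently falling back to an "other" entry.
                    if (Configuration.getConfiguration().getAppConfigurationEntry(JAAS_ENTRY) == null) {
                        throw new LoginException("no JAAS entry '" + JAAS_ENTRY + "' in " + jaasFile);
                    }
                    LoginContext lc = new LoginContext(JAAS_ENTRY);
                    lc.login(); // reads the keytab/principal named in the JAAS entry
                    // Tickets held by this Subject expire; a long-running writer also needs its own
                    // re-login logic, which is one more piece duplicated from the server.
                    cached = lc.getSubject();
                }
                s = cached;
            }
        }
        return s;
    }

    /** Runs an audit write (for example to Kerberized HDFS) with the service credentials. */
    public static <T> T runAsService(PrivilegedExceptionAction<T> action) throws Exception {
        return Subject.doAs(subject(), action);
    }
}
```

If the server changes where its principal or JAAS entry comes from, a helper like this keeps logging in with the old settings, which is the drift the request wants to avoid by exposing the server's own subject.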


            People

              Unassigned Unassigned
              bosco Bosco