Solr
  1. Solr
  2. SOLR-8326

PKIAuthenticationPlugin doesn't report any errors in case of stale or wrong keys and returns garbage

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 5.3, 5.3.1
    • Fix Version/s: 5.3.2, 5.4, 6.0
    • Component/s: None
    • Labels:

      Description

      This was reported on the mailing list:
      https://www.mail-archive.com/solr-user@lucene.apache.org/msg115921.html

      I tested it out as follows to confirm that adding a 'read' rule causes replication to break.

      1. pkiauth_ttl.patch
        0.8 kB
        Noble Paul
      2. SOLR-8326.patch
        9 kB
        Anshum Gupta
      3. SOLR-8326.patch
        8 kB
        Noble Paul
      4. SOLR-8326.patch
        1 kB
        Noble Paul

        Activity

        Hide
        Anshum Gupta added a comment - - edited

        PKIAuthenticationPlugin doesn't report errors in case the key provided is invalid and instead just returns garbage. This causes the authorization to break as well.

        Original text:

        Here are the list of steps that you'd need to run to see that things are fine for you without the read permission:

        • Untar and setup Solr, don't start it yet
        • Start clean zookeeper
        • Put the security.json in zk, without anything other than a security-edit permission. Find the content of the file below. Upload it using your own zk client or through the solr script:
          > solr-5.3.1/server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile /security.json ~/security.json

        security.json:
        {"authentication":{"class":"solr.BasicAuthPlugin","credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},"authorization":{"class":"solr.RuleBasedAuthorizationPlugin","user-role":

        {"solr":["admin"]}

        ,"permissions":[

        {"name":"security-edit","role":"admin"}

        ]}}

        • Start solr:
          > solr-5.3.1/bin/solr start -e cloud -z localhost:2181

        You would need to key in a few things e.g. #nodes and ports, leave them at the default values of 2 nodes and 8983/7574, unless you want to run Solr on a different port. Then let it create a default collection to just make sure that everything works fine.

        At this point, everything should be working fine. Restarting the nodes should also work fine. You can try 2 things at this point:
        1. Create a new collection with 1 shard and 1 replica and then try adding a replica, here's how:
        > curl --user solr:SolrRocks http://localhost:8983/solr/admin/collections?action=CREATE&name=testcollection&collection.configName=gettingstarted&numShards=1

        > curl --user solr:SolrRocks http://localhost:8983/solr/admin/collections?action=ADDREPLICA&collection=testcollection&shard=shard1

        This should work fine.

        2. After this, try restarting the solr cluster. Here's how you can do so, assuming you didn't change any of the defaults and you are running zk on localhost:2181. If not, just change those values below:
        > bin/solr stop -all

        After this, check that Solr was actually stopped. I'd also suggest you tail the logs on both nodes when they are coming up to see any errors, if any. The logs would be here: example/cloud/node1/logs/solr.log and example/cloud/node2/logs/solr.log

        > bin/solr start -c -p 8983 -s "example/cloud/node1/solr" -z localhost:2181
        > bin/solr start -c -p 7574 -s "example/cloud/node2/solr" -z localhost:2181

        If you get to this checkpoint fine, try adding a read permission.
        Add a permission:
        > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-permission" : {"name":"read", "role":"read"}}'

        Add a user:
        > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}'

        Assign a role to the user:
        >curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-user-role" : {"solrread":["read"]}}'

        After this, you should start having issues with ADDREPLICA.
        Also, as you would at this point have a collection with a shard that has a replication factor > 1 (remember the ADDREPLICA we did earlier), you would have issues when you restart the cluster again using the steps I mentioned above.

        Show
        Anshum Gupta added a comment - - edited PKIAuthenticationPlugin doesn't report errors in case the key provided is invalid and instead just returns garbage. This causes the authorization to break as well. Original text: Here are the list of steps that you'd need to run to see that things are fine for you without the read permission: Untar and setup Solr, don't start it yet Start clean zookeeper Put the security.json in zk, without anything other than a security-edit permission. Find the content of the file below. Upload it using your own zk client or through the solr script: > solr-5.3.1/server/scripts/cloud-scripts/zkcli.sh -zkhost localhost:2181 -cmd putfile /security.json ~/security.json security.json: {"authentication":{"class":"solr.BasicAuthPlugin","credentials":{"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}},"authorization":{"class":"solr.RuleBasedAuthorizationPlugin","user-role": {"solr":["admin"]} ,"permissions":[ {"name":"security-edit","role":"admin"} ]}} Start solr: > solr-5.3.1/bin/solr start -e cloud -z localhost:2181 You would need to key in a few things e.g. #nodes and ports, leave them at the default values of 2 nodes and 8983/7574, unless you want to run Solr on a different port. Then let it create a default collection to just make sure that everything works fine. Add the collection-admin-edit command: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-permission" : {"name":"collection-admin-edit", "role":"admin"}}' At this point, everything should be working fine. Restarting the nodes should also work fine. You can try 2 things at this point: 1. Create a new collection with 1 shard and 1 replica and then try adding a replica, here's how: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/collections?action=CREATE&name=testcollection&collection.configName=gettingstarted&numShards=1 > curl --user solr:SolrRocks http://localhost:8983/solr/admin/collections?action=ADDREPLICA&collection=testcollection&shard=shard1 This should work fine. 2. After this, try restarting the solr cluster. Here's how you can do so, assuming you didn't change any of the defaults and you are running zk on localhost:2181. If not, just change those values below: > bin/solr stop -all After this, check that Solr was actually stopped. I'd also suggest you tail the logs on both nodes when they are coming up to see any errors, if any. The logs would be here: example/cloud/node1/logs/solr.log and example/cloud/node2/logs/solr.log > bin/solr start -c -p 8983 -s "example/cloud/node1/solr" -z localhost:2181 > bin/solr start -c -p 7574 -s "example/cloud/node2/solr" -z localhost:2181 If you get to this checkpoint fine, try adding a read permission. Add a permission: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-permission" : {"name":"read", "role":"read"}}' Add a user: > curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Content-type:application/json' -d '{"set-user" : {"solrread":"solrRocks"}}' Assign a role to the user: >curl --user solr:SolrRocks http://localhost:8983/solr/admin/authorization -H 'Content-type:application/json' -d '{"set-user-role" : {"solrread": ["read"] }}' After this, you should start having issues with ADDREPLICA. Also, as you would at this point have a collection with a shard that has a replication factor > 1 (remember the ADDREPLICA we did earlier), you would have issues when you restart the cluster again using the steps I mentioned above.
        Hide
        Anshum Gupta added a comment -

        Seems like this isn't the root of the problem. As reported on the mailing list, enabling BasicAuth/RuleBasedAuthorization leads to NumberFormatException from the PKIAuthenticationPlugin on node restarts.
        I'm digging deeper into this to figure if they are really related or that is another issue by itself and so not opening another issue until I figure they are different issues.

        Noble Paul : Do you have time to look at this too as you did most of this stuff ?

        Show
        Anshum Gupta added a comment - Seems like this isn't the root of the problem. As reported on the mailing list, enabling BasicAuth/RuleBasedAuthorization leads to NumberFormatException from the PKIAuthenticationPlugin on node restarts. I'm digging deeper into this to figure if they are really related or that is another issue by itself and so not opening another issue until I figure they are different issues. Noble Paul : Do you have time to look at this too as you did most of this stuff ?
        Hide
        Anshum Gupta added a comment -

        Seems like the timestamp in the header received on the node that wasn't shutdown is screwed up when the other node is restarting.

        	at org.apache.solr.security.PKIAuthenticationPlugin.doAuthenticate(PKIAuthenticationPlugin.java:130)
        
        long timeMillis = Long.parseLong(timeStr);
        

        Debugging it further.

        Show
        Anshum Gupta added a comment - Seems like the timestamp in the header received on the node that wasn't shutdown is screwed up when the other node is restarting. at org.apache.solr.security.PKIAuthenticationPlugin.doAuthenticate(PKIAuthenticationPlugin.java:130) long timeMillis = Long .parseLong(timeStr); Debugging it further.
        Hide
        Noble Paul added a comment - - edited

        If there is an error in PKIAuthenticationPlugin the request does not really have to fail. It can go on as if it is unauthenticated

        Show
        Noble Paul added a comment - - edited If there is an error in PKIAuthenticationPlugin the request does not really have to fail. It can go on as if it is unauthenticated
        Hide
        Noble Paul added a comment -

        There is a serious bug with PKIAuthenticationPlugin . The code was written with the assumption that an encrypted string is tried to be decrypted with the wrong public key, it throws an Exception. That is not true. It just returns garbage without complaining.

        When a node restarts, the cached public key is invalid because a new key pair is generated

        Show
        Noble Paul added a comment - There is a serious bug with PKIAuthenticationPlugin . The code was written with the assumption that an encrypted string is tried to be decrypted with the wrong public key, it throws an Exception. That is not true. It just returns garbage without complaining. When a node restarts, the cached public key is invalid because a new key pair is generated
        Hide
        Anshum Gupta added a comment -

        Thanks for the patch Noble. I've changed log levels and reduced visibility of methods where I could. I've also made a few things final in this patch where I thought it made sense.
        The rest looks good to me.

        I tested this out with:

        • Start a 2 node cluster with external zk and security.json in place
        • Try creating a collection and adding a replica - positive
        • Add collection-admin-edit rule and make sure that credentials are required - positive
        • Restart one of the nodes and see there are no errors - positive
        • Add read user and permission, then create a collection - positive
        • Add a replica on the new collection - positive
        • Restart one of the nodes and make sure there are no errors and the replicas are healthy once the node is up - positive

        It'd be good to add a test here so that we don't regress. It could be a PKI test or a Chaos monkey test perhaps, but then we'll need to figure a way to get Chaos monkey to work with MiniSolrCloudCluster so we could upload the security conf etc.
        For now, I think we should commit this as I'm not sure how long would the test itself take considering we're close to cutting the 5.4 branch and this is a blocker.

        Show
        Anshum Gupta added a comment - Thanks for the patch Noble. I've changed log levels and reduced visibility of methods where I could. I've also made a few things final in this patch where I thought it made sense. The rest looks good to me. I tested this out with: Start a 2 node cluster with external zk and security.json in place Try creating a collection and adding a replica - positive Add collection-admin-edit rule and make sure that credentials are required - positive Restart one of the nodes and see there are no errors - positive Add read user and permission, then create a collection - positive Add a replica on the new collection - positive Restart one of the nodes and make sure there are no errors and the replicas are healthy once the node is up - positive It'd be good to add a test here so that we don't regress. It could be a PKI test or a Chaos monkey test perhaps, but then we'll need to figure a way to get Chaos monkey to work with MiniSolrCloudCluster so we could upload the security conf etc. For now, I think we should commit this as I'm not sure how long would the test itself take considering we're close to cutting the 5.4 branch and this is a blocker.
        Hide
        ASF subversion and git services added a comment -

        Commit 1716675 from Noble Paul in branch 'dev/trunk'
        [ https://svn.apache.org/r1716675 ]

        SOLR-8326: If BasicAuth enabled, inter node requests fail after node restart

        Show
        ASF subversion and git services added a comment - Commit 1716675 from Noble Paul in branch 'dev/trunk' [ https://svn.apache.org/r1716675 ] SOLR-8326 : If BasicAuth enabled, inter node requests fail after node restart
        Hide
        ASF subversion and git services added a comment -

        Commit 1716719 from Noble Paul in branch 'dev/branches/branch_5x'
        [ https://svn.apache.org/r1716719 ]

        SOLR-8326: If BasicAuth enabled, inter node requests fail after node restart

        Show
        ASF subversion and git services added a comment - Commit 1716719 from Noble Paul in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1716719 ] SOLR-8326 : If BasicAuth enabled, inter node requests fail after node restart
        Hide
        Anshum Gupta added a comment -

        Noble Paul There's a lucene_solr_5_4 branch cut. Can you commit to that one too ?

        Show
        Anshum Gupta added a comment - Noble Paul There's a lucene_solr_5_4 branch cut. Can you commit to that one too ?
        Hide
        ASF subversion and git services added a comment -

        Commit 1716751 from Noble Paul in branch 'dev/branches/lucene_solr_5_4'
        [ https://svn.apache.org/r1716751 ]

        SOLR-8326: If BasicAuth enabled, inter node requests fail after node restart

        Show
        ASF subversion and git services added a comment - Commit 1716751 from Noble Paul in branch 'dev/branches/lucene_solr_5_4' [ https://svn.apache.org/r1716751 ] SOLR-8326 : If BasicAuth enabled, inter node requests fail after node restart
        Hide
        Anshum Gupta added a comment -

        Reopening to backport to 5.3.2

        Show
        Anshum Gupta added a comment - Reopening to backport to 5.3.2
        Hide
        Nirmala Venkatraman added a comment - - edited

        Anshum/Noble,
        Iam still seeing intermittent PKIAuth invalid key errors in solr.log while indexing is running against our solrcloud with basic auth enabled and with the patches for SOLR-8326

        2015-12-22 14:39:42.685 ERROR (qtp201069753-644) [c:collection52 s:shard1 r:core_node2 x:collection52_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 14:39:42.706 ERROR (qtp201069753-1121) [ ] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 14:39:42.705 ERROR (qtp201069753-481) [ ] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 14:39:42.698 ERROR (qtp201069753-1224) [c:collection52 s:shard1 r:core_node2 x:collection52_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 14:39:42.697 ERROR (qtp201069753-577) [c:collection17 s:shard1 r:core_node2 x:collection17_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 14:39:42.691 ERROR (qtp201069753-1062) [c:collection52 s:shard1 r:core_node2 x:collection52_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 14:39:42.685 ERROR (qtp201069753-1063) [c:collection27 s:shard1 r:core_node1 x:collection27_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key
        2015-12-22 15:04:10.247 ERROR (qtp201069753-1045) [c:collection23 s:shard1 r:core_node1 x:collection23_shard1_replica1] o.a.s.s.PKIAuthenticationPlugin Invalid key

        In Access/request logs on the same solr server, I see update requests coming from other solr servers returning a 401
        9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection42_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection42_shard1_replica1%2F&wt=javabin&version=2 HTTP/1.1" 401 386
        9.32.182.60 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection40/update?route=Q049c2dkbWFpbDI5L089U0dfVVMx20106052!&overwrite=true HTTP/1.1" 401 370
        9.32.179.190 - - [22/Dec/2015:14:39:42 +0000] "GET /solr/collection59/get?route=Q049c2dkbWFpbDI5L089U0dfVVMx20106072!&ids=Q049c2dkbWFpbDI5L089U0dfVVMx20106072!354405B096A7252500257DF2006B4EBB,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!E05CD420388D090200257DF2006B4F0C,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!0C64A415C05985FD00257DF2006B4EE5,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!CB209D64E6CFD95700257DF2006B4F58,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!416F4C73022EFA1200257DF2006B4F33&fl=unid,sequence,folderunid&wt=xml&rows=10 HTTP/1.1" 401 367
        9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection40/update?route=Q049c2dkbWFpbDI2L089U0dfVVMx20105988!&overwrite=true HTTP/1.1" 401 370
        9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection29_shard1_replica1/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection29_shard1_replica2%2F&wt=javabin&version=2 HTTP/1.1" 401 386
        9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection9_shard1_replica1/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection9_shard1_replica2%2F&wt=javabin&version=2 HTTP/1.1" 401 385
        9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection52_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection52_shard1_replica1%2F&wt=javabin&version=2 HTTP/1.1" 401 386
        9.32.179.191 - - [22/Dec/2015:15:04:10 +0000] "POST /solr/collection59/update?route=Q049c2dkbWFpbDI4L089U0dfVVMx20106007!&overwrite=true HTTP/1.1" 401 370

        Should this be treated as a new bug/issue?

        Show
        Nirmala Venkatraman added a comment - - edited Anshum/Noble, Iam still seeing intermittent PKIAuth invalid key errors in solr.log while indexing is running against our solrcloud with basic auth enabled and with the patches for SOLR-8326 2015-12-22 14:39:42.685 ERROR (qtp201069753-644) [c:collection52 s:shard1 r:core_node2 x:collection52_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 14:39:42.706 ERROR (qtp201069753-1121) [ ] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 14:39:42.705 ERROR (qtp201069753-481) [ ] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 14:39:42.698 ERROR (qtp201069753-1224) [c:collection52 s:shard1 r:core_node2 x:collection52_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 14:39:42.697 ERROR (qtp201069753-577) [c:collection17 s:shard1 r:core_node2 x:collection17_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 14:39:42.691 ERROR (qtp201069753-1062) [c:collection52 s:shard1 r:core_node2 x:collection52_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 14:39:42.685 ERROR (qtp201069753-1063) [c:collection27 s:shard1 r:core_node1 x:collection27_shard1_replica2] o.a.s.s.PKIAuthenticationPlugin Invalid key 2015-12-22 15:04:10.247 ERROR (qtp201069753-1045) [c:collection23 s:shard1 r:core_node1 x:collection23_shard1_replica1] o.a.s.s.PKIAuthenticationPlugin Invalid key In Access/request logs on the same solr server, I see update requests coming from other solr servers returning a 401 9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection42_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection42_shard1_replica1%2F&wt=javabin&version=2 HTTP/1.1" 401 386 9.32.182.60 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection40/update? route =Q049c2dkbWFpbDI5L089U0dfVVMx20106052!&overwrite=true HTTP/1.1" 401 370 9.32.179.190 - - [22/Dec/2015:14:39:42 +0000] "GET /solr/collection59/get? route =Q049c2dkbWFpbDI5L089U0dfVVMx20106072!&ids=Q049c2dkbWFpbDI5L089U0dfVVMx20106072!354405B096A7252500257DF2006B4EBB,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!E05CD420388D090200257DF2006B4F0C,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!0C64A415C05985FD00257DF2006B4EE5,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!CB209D64E6CFD95700257DF2006B4F58,Q049c2dkbWFpbDI5L089U0dfVVMx20106072!416F4C73022EFA1200257DF2006B4F33&fl=unid,sequence,folderunid&wt=xml&rows=10 HTTP/1.1" 401 367 9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection40/update? route =Q049c2dkbWFpbDI2L089U0dfVVMx20105988!&overwrite=true HTTP/1.1" 401 370 9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection29_shard1_replica1/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection29_shard1_replica2%2F&wt=javabin&version=2 HTTP/1.1" 401 386 9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection9_shard1_replica1/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection9_shard1_replica2%2F&wt=javabin&version=2 HTTP/1.1" 401 385 9.32.182.53 - - [22/Dec/2015:14:39:42 +0000] "POST /solr/collection52_shard1_replica2/update?update.distrib=TOLEADER&distrib.from=http%3A%2F%2Fsgdsolar1.swg.usma.ibm.com%3A8983%2Fsolr%2Fcollection52_shard1_replica1%2F&wt=javabin&version=2 HTTP/1.1" 401 386 9.32.179.191 - - [22/Dec/2015:15:04:10 +0000] "POST /solr/collection59/update? route =Q049c2dkbWFpbDI4L089U0dfVVMx20106007!&overwrite=true HTTP/1.1" 401 370 Should this be treated as a new bug/issue?
        Hide
        Noble Paul added a comment -

        This is a different error . It happens because the request was received after 5 seconds of sending it or your server times are not in sync.

        I guess we should add a prop to increase the key timeout

        Show
        Noble Paul added a comment - This is a different error . It happens because the request was received after 5 seconds of sending it or your server times are not in sync. I guess we should add a prop to increase the key timeout
        Hide
        Noble Paul added a comment -

        adding a TTL system property to PKIAuthPlugin

        Show
        Noble Paul added a comment - adding a TTL system property to PKIAuthPlugin
        Hide
        Shalin Shekhar Mangar added a comment -

        Noble Paul - please add new enhancements to a separate ticket. This has already been released in 5.4 and the issue should only be used for backporting to 5.3.2.

        Show
        Shalin Shekhar Mangar added a comment - Noble Paul - please add new enhancements to a separate ticket. This has already been released in 5.4 and the issue should only be used for backporting to 5.3.2.
        Hide
        Noble Paul added a comment -

        Sure. Anyway, that is the plan. But I was wondering of that was the problem. It was an idea as a patch.

        Show
        Noble Paul added a comment - Sure. Anyway, that is the plan. But I was wondering of that was the problem. It was an idea as a patch.
        Hide
        Nirmala Venkatraman added a comment -

        Noble Paul - where is pki ttl property needs to be set?

        Show
        Nirmala Venkatraman added a comment - Noble Paul - where is pki ttl property needs to be set?
        Hide
        Noble Paul added a comment -

        It's a system property on the solr nodes.

        Show
        Noble Paul added a comment - It's a system property on the solr nodes.
        Hide
        Nirmala Venkatraman added a comment -

        So I just specify -Dpkiauth.ttl=XXXX in the solr startup commandline right?

        Show
        Nirmala Venkatraman added a comment - So I just specify -Dpkiauth.ttl=XXXX in the solr startup commandline right?
        Hide
        Noble Paul added a comment -

        Yeah. The value is in milliseconds. Give something like 50000

        Show
        Noble Paul added a comment - Yeah. The value is in milliseconds. Give something like 50000
        Hide
        ASF subversion and git services added a comment -

        Commit 1722085 from Anshum Gupta in branch 'dev/branches/lucene_solr_5_3'
        [ https://svn.apache.org/r1722085 ]

        SOLR-8326: Fix inter node request failures after node restart when BasicAuth is enabled (backport from branch_5x for 5.3.2 release)

        Show
        ASF subversion and git services added a comment - Commit 1722085 from Anshum Gupta in branch 'dev/branches/lucene_solr_5_3' [ https://svn.apache.org/r1722085 ] SOLR-8326 : Fix inter node request failures after node restart when BasicAuth is enabled (backport from branch_5x for 5.3.2 release)
        Hide
        ASF subversion and git services added a comment -

        Commit 1722086 from Anshum Gupta in branch 'dev/trunk'
        [ https://svn.apache.org/r1722086 ]

        SOLR-8326: Add change log entry to 5.3.2 section on trunk

        Show
        ASF subversion and git services added a comment - Commit 1722086 from Anshum Gupta in branch 'dev/trunk' [ https://svn.apache.org/r1722086 ] SOLR-8326 : Add change log entry to 5.3.2 section on trunk
        Hide
        ASF subversion and git services added a comment -

        Commit 1722087 from Anshum Gupta in branch 'dev/branches/branch_5x'
        [ https://svn.apache.org/r1722087 ]

        SOLR-8326: Add change log entry to 5.3.2 section (merge from trunk)

        Show
        ASF subversion and git services added a comment - Commit 1722087 from Anshum Gupta in branch 'dev/branches/branch_5x' [ https://svn.apache.org/r1722087 ] SOLR-8326 : Add change log entry to 5.3.2 section (merge from trunk)
        Hide
        ASF subversion and git services added a comment -

        Commit 1724187 from Adrien Grand in branch 'dev/branches/lucene_solr_5_4'
        [ https://svn.apache.org/r1724187 ]

        SOLR-8326: Add change log entry to 5.3.2 section.

        Show
        ASF subversion and git services added a comment - Commit 1724187 from Adrien Grand in branch 'dev/branches/lucene_solr_5_4' [ https://svn.apache.org/r1724187 ] SOLR-8326 : Add change log entry to 5.3.2 section.
        Hide
        Varun Thacker added a comment -

        Adding BasicAuth tag

        Show
        Varun Thacker added a comment - Adding BasicAuth tag

          People

          • Assignee:
            Anshum Gupta
            Reporter:
            Anshum Gupta
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development