[SOLR-9324] Support Secure Impersonation / Proxy User for solr authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.4, 7.0
Component/s: SolrCloud
Labels:
None

Description

Solr should support Proxy User / Secure Impersonation for authentication, as supported by hadoop (http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html) and supported by the hadoop AuthenticationFilter (which we use for the KerberosPlugin).

There are a number of use cases, but a common one is this:
There is a front end for searches (say, Hue http://gethue.com/) that supports its own login mechanisms. If the cluster uses kerberos for authentication, hue must have kerberos credentials for each user, which is a pain to manage. Instead, hue can be allowed to impersonate known users from known machines so it only needs its own kerberos credentials.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

build-6025.log
05/Aug/16 06:59
3.36 MB
Varun Thacker
SOLR-9324_branch_6x.patch
02/Aug/16 20:12
48 kB
Gregory Chanan
SOLR-9324.patch
02/Aug/16 20:12
48 kB
Gregory Chanan
SOLR-9324.patch
02/Aug/16 18:27
48 kB
Gregory Chanan
SOLR-9324.patch
26/Jul/16 20:01
47 kB
Gregory Chanan
SOLR-9324-tests.patch
06/Aug/16 04:37
3 kB
Gregory Chanan

Issue Links

is related to

SOLR-9200 Add Delegation Token Support to Solr

Closed

links to

GitHub Pull Request #117

Activity

People

Assignee:: Yonik Seeley

Reporter:: Gregory Chanan

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 20/Jul/16 17:24

Updated:: 08/Jun/19 15:37

Resolved:: 17/Nov/16 22:05