Solr should support Proxy User / Secure Impersonation for authentication, as supported by hadoop (http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html) and supported by the hadoop AuthenticationFilter (which we use for the KerberosPlugin).
There are a number of use cases, but a common one is this:
There is a front end for searches (say, Hue http://gethue.com/) that supports its own login mechanisms. If the cluster uses kerberos for authentication, hue must have kerberos credentials for each user, which is a pain to manage. Instead, hue can be allowed to impersonate known users from known machines so it only needs its own kerberos credentials.