[
https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-7849:
-----------------------------
Summary: Secure Inter-node communication in a standard mechanism (was:
Secure Inter-node communication ina standard mechanism)
> Secure Inter-node communication in a standard mechanism
> --------------------------------------------------------
>
> Key: SOLR-7849
> URL: https://issues.apache.org/jira/browse/SOLR-7849
> Project: Solr
> Issue Type: Sub-task
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> Relying on every Authentication plugin to secure the internode communication
> is error prone. Solr can standardize the authentication so that only the
> first request that comes from outside the cluster needs to be authenticated
> by the authentication plugin
> The scheme to protect the communication will be as follows
> * Every Solr node creates a an RSA key pair
> * The private key is kept private and the public key is made available
> through a core admin API
> * If authentication is enabled , every outgoing request will carry an extra
> header {{ SolrAuth : <nodename>
> encrypt_with_pvt_key(<original-user-principal> <timestamp>) }}
> * If authentication is enabled {{SolrDispatchFilter}} would look for this
> header and see the nodename
> ** If the public key of the nodename is available in cache , make a request
> to the node and fetch the public key
> ** If the public key has changed (because of a server restart) decryption
> fails and the public keyis fetched again
> * If the decryption succeeds , the user-name is set to what the header has
> encoded
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
