[ https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul updated SOLR-7849: ----------------------------- Summary: Secure Inter-node communication in a standard mechanism (was: Secure Inter-node communication ina standard mechanism) > Secure Inter-node communication in a standard mechanism > -------------------------------------------------------- > > Key: SOLR-7849 > URL: https://issues.apache.org/jira/browse/SOLR-7849 > Project: Solr > Issue Type: Sub-task > Reporter: Noble Paul > Assignee: Noble Paul > > Relying on every Authentication plugin to secure the internode communication > is error prone. Solr can standardize the authentication so that only the > first request that comes from outside the cluster needs to be authenticated > by the authentication plugin > The scheme to protect the communication will be as follows > * Every Solr node creates a an RSA key pair > * The private key is kept private and the public key is made available > through a core admin API > * If authentication is enabled , every outgoing request will carry an extra > header {{ SolrAuth : <nodename> > encrypt_with_pvt_key(<original-user-principal> <timestamp>) }} > * If authentication is enabled {{SolrDispatchFilter}} would look for this > header and see the nodename > ** If the public key of the nodename is available in cache , make a request > to the node and fetch the public key > ** If the public key has changed (because of a server restart) decryption > fails and the public keyis fetched again > * If the decryption succeeds , the user-name is set to what the header has > encoded -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org