[
https://issues.apache.org/jira/browse/SOLR-10282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ishan Chattopadhyaya updated SOLR-10282:
----------------------------------------
Attachment: SOLR-10282.patch
Here's a patch for enabling kerberos support using bin/solr script. Here's the
expected usage:
{code}
$ bin/solr auth enable -type kerberos -config
"-Djava.security.auth.login.config=/home/foo/jaas-client.conf
-Dsolr.kerberos.cookie.domain=192.168.0.107
-Dsolr.kerberos.cookie.portaware=true
-Dsolr.kerberos.principal=HTTP/192.168.0....@example.com
-Dsolr.kerberos.keytab=/keytabs/107.keytab"
{code}
This will upload a security.json to ZK that sets up KerberosPlugin, and adds
the "config" parameter to the solr.in.sh. The user would need to restart the
node after performing this step.
Going forward, we can make this script support interactive by accepting (and
guiding/suggesting) the various configuration parameters, like a wizard.
Possibly, even helping the user in writing the JAAS configs.
There are some nocommits that need to be resolved before committing, but this
is close and it seems to work functionally.
> bin/solr support for enabling Kerberos security
> -----------------------------------------------
>
> Key: SOLR-10282
> URL: https://issues.apache.org/jira/browse/SOLR-10282
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Fix For: master (7.0)
>
> Attachments: SOLR-10282.patch
>
>
> This is in the same spirit as SOLR-8440.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
