[
https://issues.apache.org/jira/browse/SENTRY-2107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hrishikesh Gadre reassigned SENTRY-2107:
----------------------------------------
Assignee: (was: Hrishikesh Gadre)
> Solr plugin should use short username instead of user principal for
> authorization check
> ---------------------------------------------------------------------------------------
>
> Key: SENTRY-2107
> URL: https://issues.apache.org/jira/browse/SENTRY-2107
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Hrishikesh Gadre
> Priority: Minor
>
> Currently Solr authorization framework provides only user principal as part
> of the authorization context. Authorization service like Sentry, on the other
> hands, requires a short username to enforce the authorization checks.
> Currently this is achieved by explicitly transforming user principal to short
> user name using Hadoop KerberosName class. This is not a good design since it
> assumes that only kerberos authentication mechanism is used with sentry
> (which is not always the case e.g. solr supports ldap based authentication).
> SOLR-10814 fixes this issue by providing short user name as part of the
> authorization context. This jira is to utilize the new api on the sentry
> side.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
