janhoy commented on PR #4477:
URL: https://github.com/apache/solr/pull/4477#issuecomment-4629415425
I found a doc bug regarding the default for the `--block-unknown` CLI flag, which was
documented as default `true`. While the code default is true, the `auth enable`
default is `false` due to the template. Here's what I did to clarify:

### basic-authentication-plugin.adoc

- Lead with `bin/solr auth enable` as the recommended way to enable basic
  auth (cloud mode), with a cross-reference to the control script reference
- Manual `security.json` creation presented as the alternative rather than
  the only path

### solr-control-script-reference.adoc

- Added NOTE that `bin/solr auth enable` requires SolrCloud mode; for
  user-managed clusters, `security.json` must be placed on each node manually
- Described the security.json as a "best-practice template with roles and
  permissions" rather than just "base file"
- Fixed `--block-unknown` default from `true` to `false` — the
  `BasicAuthPlugin` code-default is `true`, but the installed template explicitly
  sets it to `false` because it includes a
  `RuleBasedAuthorizationPlugin` that restricts all operations by role. Only
  **health** and **metrics-read** are open (for load balancers / monitoring).
  Pass `--block-unknown true` to lock those down too.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
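
Added example (not part of the comment above or of the Solr code base): a small Python audit of a `security.json` that reports what stays reachable without credentials for a given effective `blockUnknown` value. The sample file is constructed rather than copied from the installed template, and the handling of a `null` role and of a missing `all` rule are assumptions about `RuleBasedAuthorizationPlugin` semantics.

```python
import json

# Constructed sample, NOT the template Solr installs: it only mirrors what the
# comment describes (blockUnknown=false, role rules, two open permissions).
SAMPLE = json.dumps({
    "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": False},
    "authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "permissions": [
            {"name": "health", "role": None},
            {"name": "metrics-read", "role": None},
            {"name": "security-edit", "role": "admin"},
            {"name": "all", "role": ["admin", "users"]},
        ],
    },
})

# Per the comment, BasicAuthPlugin falls back to true when the key is absent.
CODE_DEFAULT_BLOCK_UNKNOWN = True


def audit(security_json, block_unknown_override=None):
    """Report what an unauthenticated client can reach under this config."""
    cfg = json.loads(security_json)
    authn = cfg.get("authentication") or {}
    block_unknown = authn.get("blockUnknown", CODE_DEFAULT_BLOCK_UNKNOWN)
    if block_unknown_override is not None:  # models `--block-unknown true`
        block_unknown = block_unknown_override
    perms = (cfg.get("authorization") or {}).get("permissions", [])
    # Assumption: a null or missing role leaves the permission open to anyone.
    open_perms = [p.get("name", "<custom>") for p in perms if p.get("role") is None]
    # Assumption: without a role-bound "all" rule, unmatched requests are allowed.
    catch_all = any(p.get("name") == "all" and p.get("role") for p in perms)
    return {
        "block_unknown": bool(block_unknown),
        "anonymous_reachable": [] if block_unknown else open_perms,
        "unmatched_requests_open": not block_unknown and not catch_all,
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE, block_unknown_override=True))
```

Run it against the `security.json` actually deployed to confirm that the only anonymously reachable permissions are the ones intended for load balancers and monitoring.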