We are trying to enable authentication mechanism in our Solr cluster using Kerberos authentication plugin. We use Active Directory as our KDC, each Solr node has its own SPN in the form of HTTP/<fqdn>@<REALM> and things are working as expected. Things are getting complicated while trying to configure our load balancer, as there is no specific SPN to ask the KDC a ticket for (the balancer is routing to multiple SPNs...) As a solution we though to add the balancer's principal to each of the Solr nodes (and to the keytab files of course) as follow:
-Dsolr.kerberos.principal=HTTP/solr_host.our.domain@OUR.REALM,HTTP/balancer_host.our.domain@OUR.REALM But it seems impossible to config Solr with more than one SPN. Is there any other workaround? -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html