[jira] [Updated] (CONNECTORS-1629) Support Solr Kerberos Authentication
[ https://issues.apache.org/jira/browse/CONNECTORS-1629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl Wright updated CONNECTORS-1629: Component/s: (was: Solr 7.x component) Lucene/SOLR connector > Support Solr Kerberos Authentication > > > Key: CONNECTORS-1629 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1629 > Project: ManifoldCF > Issue Type: Improvement > Components: Lucene/SOLR connector >Affects Versions: ManifoldCF 2.14 >Reporter: Jörn Franke >Assignee: Karl Wright >Priority: Major > Fix For: ManifoldCF 2.16 > > > Several enterprise deployments of Solr are leveraging SolrCloud Kerberos > authentication. > The integration seems to be rather simple and the goal of this Jira is to > evaluate the possential needed step to eventually contribute the Kerberos > integration to the ManifoldCF project. > The following steps would be needed: > * One can pass the JVM parameter java.security.auth.login.config to the > ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in > which Kerberos authentication details, such as keytab and principal that has > the right access to Solr is configured > * A small adaption to the SolrCloudClient that is used within Manifold needs > to be done to enable Kerberos authentication: > HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); > Should this be integrated in Manifold, one may want to consider one input > field in the configuration in the UI where one can select / flow which user > defined in the Jaas conf (you can define multiple one) should be chosen. By > default one may simply select "client" or "SolrJClient" if Jaas.conf is > present in the System properties. This does not mean the user needs to be > named like this, but the configuration entry referencing any user should be > named like this. > Having a confiugration allows to have a different users per flow. This might > also be needed in case you have multiple Solr clusters. > Related discussion > [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] > SolrJ Kerberos integration: > [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] > Jaas conf documentation: > [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (CONNECTORS-1629) Support Solr Kerberos Authentication
[ https://issues.apache.org/jira/browse/CONNECTORS-1629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörn Franke updated CONNECTORS-1629: Description: Several enterprise deployments of Solr are leveraging SolrCloud Kerberos authentication. The integration seems to be rather simple and the goal of this Jira is to evaluate the possential needed step to eventually contribute the Kerberos integration to the ManifoldCF project. The following steps would be needed: * One can pass the JVM parameter java.security.auth.login.config to the ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in which Kerberos authentication details, such as keytab and principal that has the right access to Solr is configured * A small adaption to the SolrCloudClient that is used within Manifold needs to be done to enable Kerberos authentication: HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); Should this be integrated in Manifold, one may want to consider one input field in the configuration in the UI where one can select / flow which user defined in the Jaas conf (you can define multiple one) should be chosen. By default one may simply select "client" or "SolrJClient" if Jaas.conf is present in the System properties. This does not mean the user needs to be named like this, but the configuration entry referencing any user should be named like this. Having a confiugration allows to have a different users per flow. This might also be needed in case you have multiple Solr clusters. Related discussion [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] SolrJ Kerberos integration: [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] Jaas conf documentation: [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] was: Several enterprise deployments of Solr are leveraging SolrCloud Kerberos authentication. The integration seems to be rather simple and the goal of this Jira is to evaluate the possential needed step to eventually contribute the Kerberos integration to the ManifoldCF project. The following steps would be needed: * One can pass the JVM parameter java.security.auth.login.config to the ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in which Kerberos authentication details, such as keytab and principal that has the right access to Solr is configured * A small adaption to the SolrCloudClient that is used within Manifold needs to be done to enable Kerberos authentication: HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); Should this be integrated in Manifold, one may want to consider one input field in the configuration in the UI where one can select / flow which user defined in the Jaas conf (you can define multiple one) should be chosen. This allows to have a different user flow. This might also be needed in case you have multiple Solr clusters. By default one may simply select "client" or "SolrJClient" if Jaas.conf is present in the System properties. Related discussion [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] SolrJ Kerberos integration: [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] Jaas conf documentation: [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] > Support Solr Kerberos Authentication > > > Key: CONNECTORS-1629 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1629 > Project: ManifoldCF > Issue Type: Improvement > Components: Solr 7.x component >Affects Versions: ManifoldCF 2.14 >Reporter: Jörn Franke >Priority: Major > > Several enterprise deployments of Solr are leveraging SolrCloud Kerberos > authentication. > The integration seems to be rather simple and the goal of this Jira is to > evaluate the possential needed step to eventually contribute the Kerberos > integration to the ManifoldCF project. > The following steps would be needed: > * One can pass the JVM parameter java.security.auth.login.config to the > ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in > which Kerberos authentication details, such as keytab and principal that has > the right access to Solr is configured > * A small adaption to the SolrCloudClient that is used within Manifold needs > to be done to enable Kerberos authentication: > HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); > Should this be integrated in Manifold, one may want to consider one input > field in the configuration in the UI where one can select / flow which user > defined in the Jaas conf (you can
[jira] [Updated] (CONNECTORS-1629) Support Solr Kerberos Authentication
[ https://issues.apache.org/jira/browse/CONNECTORS-1629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörn Franke updated CONNECTORS-1629: Description: Several enterprise deployments of Solr are leveraging SolrCloud Kerberos authentication. The integration seems to be rather simple and the goal of this Jira is to evaluate the possential needed step to eventually contribute the Kerberos integration to the ManifoldCF project. The following steps would be needed: * One can pass the JVM parameter java.security.auth.login.config to the ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in which Kerberos authentication details, such as keytab and principal that has the right access to Solr is configured * A small adaption to the SolrCloudClient that is used within Manifold needs to be done to enable Kerberos authentication: HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); Should this be integrated in Manifold, one may want to consider one input field in the configuration in the UI where one can select / flow which user defined in the Jaas conf (you can define multiple one) should be chosen. This allows to have a different user flow. This might also be needed in case you have multiple Solr clusters. By default one may simply select "client" or "SolrJClient" if Jaas.conf is present in the System properties. Related discussion [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] SolrJ Kerberos integration: [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] Jaas conf documentation: [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] was: Several enterprise deployments of Solr are leveraging SolrCloud Kerberos authentication. The integration seems to be rather simple and the goal of this Jira is to evaluate the possential needed step to eventually contribute the Kerberos integration to the ManifoldCF project. The following steps would be needed: * One can pass the JVM parameter java.security.auth.login.config to the ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in which Kerberos authentication details, such as keytab and principal that has the right access to Solr is configured * A small adaption to the SolrCloudClient that is used within Manifold needs to be done to enable Kerberos authentication: HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); Should this be integrated in Manifold, one may want to consider one input field in the configuration in the UI where one can select / flow which user defined in the Jaas conf (you can define multiple one) should be chosen. By default one may simply select "client" or "SolrJClient" if Jaas.conf is present in the System properties. Related discussion [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] SolrJ Kerberos integration: [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] Jaas conf documentation: [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] > Support Solr Kerberos Authentication > > > Key: CONNECTORS-1629 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1629 > Project: ManifoldCF > Issue Type: Improvement > Components: Solr 7.x component >Affects Versions: ManifoldCF 2.14 >Reporter: Jörn Franke >Priority: Major > > Several enterprise deployments of Solr are leveraging SolrCloud Kerberos > authentication. > The integration seems to be rather simple and the goal of this Jira is to > evaluate the possential needed step to eventually contribute the Kerberos > integration to the ManifoldCF project. > The following steps would be needed: > * One can pass the JVM parameter java.security.auth.login.config to the > ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in > which Kerberos authentication details, such as keytab and principal that has > the right access to Solr is configured > * A small adaption to the SolrCloudClient that is used within Manifold needs > to be done to enable Kerberos authentication: > HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); > Should this be integrated in Manifold, one may want to consider one input > field in the configuration in the UI where one can select / flow which user > defined in the Jaas conf (you can define multiple one) should be chosen. > This allows to have a different user flow. This might also be needed in case > you have multiple Solr clusters. By default one may simply select "client" or > "SolrJClient" if Jaas.conf is present in the System properties. >
[jira] [Updated] (CONNECTORS-1629) Support Solr Kerberos Authentication
[ https://issues.apache.org/jira/browse/CONNECTORS-1629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörn Franke updated CONNECTORS-1629: Description: Several enterprise deployments of Solr are leveraging SolrCloud Kerberos authentication. The integration seems to be rather simple and the goal of this Jira is to evaluate the possential needed step to eventually contribute the Kerberos integration to the ManifoldCF project. The following steps would be needed: * One can pass the JVM parameter java.security.auth.login.config to the ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in which Kerberos authentication details, such as keytab and principal that has the right access to Solr is configured * A small adaption to the SolrCloudClient that is used within Manifold needs to be done to enable Kerberos authentication: HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); Should this be integrated in Manifold, one may want to consider one input field in the configuration in the UI where one can select / flow which user defined in the Jaas conf (you can define multiple one) should be chosen. By default one may simply select "client" or "SolrJClient" if Jaas.conf is present in the System properties. Related discussion [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] SolrJ Kerberos integration: [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] Jaas conf documentation: [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] was: Several enterprise deployments of Solr are leveraging SolrCloud Kerberos authentication. The integration seems to be rather simple and the goal of this Jira is to evaluate the possential needed step to eventually contribute the Kerberos integration to the ManifoldCF project. The following steps would be needed: * One can pass the JVM parameter java.security.auth.login.config to the ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in which Kerberos authentication details, such as keytab and principal that has the right access to Solr is configured * A small adaption to the SolrCloudClient that is used within Manifold needs to be done to enable Kerberos authentication: HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); Related discussion [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] SolrJ Kerberos integration: [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] Jaas conf documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html > Support Solr Kerberos Authentication > > > Key: CONNECTORS-1629 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1629 > Project: ManifoldCF > Issue Type: Improvement > Components: Solr 7.x component >Affects Versions: ManifoldCF 2.14 >Reporter: Jörn Franke >Priority: Major > > Several enterprise deployments of Solr are leveraging SolrCloud Kerberos > authentication. > The integration seems to be rather simple and the goal of this Jira is to > evaluate the possential needed step to eventually contribute the Kerberos > integration to the ManifoldCF project. > The following steps would be needed: > * One can pass the JVM parameter java.security.auth.login.config to the > ManifoldCF JVM using -Djava.security.auth.login.config=/path/to/jaas.confg in > which Kerberos authentication details, such as keytab and principal that has > the right access to Solr is configured > * A small adaption to the SolrCloudClient that is used within Manifold needs > to be done to enable Kerberos authentication: > HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer()); > Should this be integrated in Manifold, one may want to consider one input > field in the configuration in the UI where one can select / flow which user > defined in the Jaas conf (you can define multiple one) should be chosen. By > default one may simply select "client" or "SolrJClient" if Jaas.conf is > present in the System properties. > Related discussion > [http://mail-archives.apache.org/mod_mbox/manifoldcf-user/201912.mbox/browser] > SolrJ Kerberos integration: > [https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr] > Jaas conf documentation: > [https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html] -- This message was sent by Atlassian Jira (v8.3.4#803005)
