Q.do you know when it would be released? 5.3 will be released in another 3-4 weeks .
Q.Are there any requirements of ZK authentication must be there as well? NO bq.Providing my own security.json + class/implementation to verify user/pass should work today with 5.2, right? Yes. But, if you modify your credentials or anything in that JSON, you will have to restart all your nodes . Q.SOLR-7274 pluggable security is already in 5.2 (my requirement is to provide user/pass in a secure manner, not as argument on cmd or from (our unsecured) ZK but from a configuration restful service, I'm not clear what your question is. Basic Auth is a well-known standard. We are just implementing that standard. We store all credentials & permissions in ZK . That means it is only as secure as your ZK . As long as nobody can write to ZK, your system is safe On Wed, Jul 22, 2015 at 11:10 PM, Fadi Mohsen <fadi.moh...@gmail.com> wrote: > Hi, I have some questions regarding basic auth and proper support in 5.3: > > do you know when it would be released? > > Are there any requirements of ZK authentication must be there as well? > > Do we store the user/pass in ZK? > > SOLR-7274 pluggable security is already in 5.2 (my requirement is to provide > user/pass in a secure manner, not as argument on cmd or from (our unsecured) > ZK but from a configuration restful service, > I'm not sure 5.3 release would fit above requirement, can you reflect on this? > > Providing my own security.json + class/implementation to verify user/pass > should work today with 5.2, right? > > Thanks > Fadi > >> On 22 Jul 2015, at 14:33, Noble Paul <noble.p...@gmail.com> wrote: >> >> Solr 5.3 is coming with proper basic auth support >> >> >> https://issues.apache.org/jira/browse/SOLR-7692 >> >>> On Wed, Jul 22, 2015 at 5:28 PM, Peter Sturge <peter.stu...@gmail.com> >>> wrote: >>> if you're using Jetty you can use the standard realms mechanism for Basic >>> Auth, and it works the same on Windows or UNIX. There's plenty of docs on >>> the Jetty site about getting this working, although it does vary somewhat >>> depending on the version of Jetty you're running (N.B. I would suggest >>> using Jetty 9, and not 8, as 8 is missing some key authentication classes). >>> If, when you execute a search query to your Solr instance you get a >>> username and password popup, then Jetty's auth is setup. If you don't then >>> something's wrong in the Jetty config. >>> >>> it's worth noting that if you're doing distributed searches Basic Auth on >>> its own will not work for you. This is because Solr sends distributed >>> requests to remote instances on behalf of the user, and it has no knowledge >>> of the web container's auth mechanics. We got 'round this by customizing >>> Solr to receive credentials and use them for authentication to remote >>> instances - SOLR-1861 is an old implementation for a previous release, and >>> there has been some significant refactoring of SearchHandler since then, >>> but the concept works well for distributed queries. >>> >>> Thanks, >>> Peter >>> >>> >>> >>>> On Wed, Jul 22, 2015 at 11:18 AM, O. Klein <kl...@octoweb.nl> wrote: >>>> >>>> Steven White wrote >>>>> Thanks for updating the wiki page. However, my issue remains, I cannot >>>>> get >>>>> Basic auth working. Has anyone got it working, on Windows? >>>> >>>> Doesn't work for me on Linux either. >>>> >>>> >>>> >>>> -- >>>> View this message in context: >>>> http://lucene.472066.n3.nabble.com/Basic-auth-tp4218053p4218519.html >>>> Sent from the Solr - User mailing list archive at Nabble.com. >> >> >> >> -- >> ----------------------------------------------------- >> Noble Paul -- ----------------------------------------------------- Noble Paul
