Thanks a lot Karl for your feedback. Do you mind if I create a Jira where I report on the progress?
> Am 17.12.2019 um 12:22 schrieb Karl Wright <[email protected]>: > > > Well, you can certainly attempt this simply enough then if you build from > source. I'd prefer that you validate the approach before we make permanent > commits. > > Please let me know what works and what doesn't. > > Karl > > >> On Tue, Dec 17, 2019 at 1:22 AM Jörn Franke <[email protected]> wrote: >> I agree. >> The delegation part is not relevant for me. I also do not believe it makes >> sense at the ETL level. >> I think still we need add the one line of code that allows to use Kerberos >> (second line in the example). >> >>>> Am 17.12.2019 um 01:35 schrieb Karl Wright <[email protected]>: >>>> >>> >>> Hi Jorn, >>> >>> The code referenced cannot be set up differently from connection to >>> connection so there is no point in having this be anything other than >>> global. In that case you can point at the config file with >>> -D<parameter>=value and it will do the same thing as setting a system >>> property. >>> >>> The token delegation with HttpClient I'll have to study to confirm that >>> we're doing this right in the connector. >>> >>> Karl >>> >>> >>> >>>> On Mon, Dec 16, 2019 at 6:15 PM Jörn Franke <[email protected]> wrote: >>>> Thanks a lot for the quick reply. Actually it is here: >>>> https://lucene.apache.org/solr/guide/8_3/kerberos-authentication-plugin.html#using-solrj-with-a-kerberized-solr >>>> It is also available in the previous versions of Solr. >>>> I wonder how easy it would be to add a configuration to the Manifold UI to >>>> point to a jaas-client.conf. However, it is also not strictly necessary >>>> that this one is configurable in the UI. It could be also a checkbox >>>> yes/no Kerberos authentication and the jaas-client.conf could be put in a >>>> certain folder. >>>> >>>> Interesting would be also if Solr 8.x can be made work in this setting. >>>> >>>>> On Mon, Dec 16, 2019 at 11:47 PM Karl Wright <[email protected]> wrote: >>>>> The Solr Output Connector uses a patched HttpComponents/HttpClient for >>>>> communication with the various Solr Cloud replicas, along with custom >>>>> versions of some of the SolrJ classes which allow multipart posts to >>>>> work. Other than that it's standard SolrJ. Whatever SolrJ needs to work >>>>> with Kerberos, therefore, should work with the ManifoldCF Solr Output >>>>> Connector. So if you can point me at the SolrJ documentation for this >>>>> configuration I can perhaps review it and give you my opinion as to the >>>>> difficulty involved. >>>>> >>>>> Karl >>>>> >>>>> >>>>>> On Mon, Dec 16, 2019 at 5:31 PM Jörn Franke <[email protected]> wrote: >>>>>> Hallo, >>>>>> >>>>>> does the Solr Output Connector support SolrCloud with Kerberos >>>>>> authentication and Zookeeper with Kerberos authentication? >>>>>> >>>>>> If so, how can this be configured? >>>>>> >>>>>> If it is not supported, is there an "easy" way to integrate this? From a >>>>>> development perspective the Kerberos Authentication with both is not >>>>>> difficult to achieve, but of course it stil needs to be integrated in >>>>>> the whole solution. >>>>>> >>>>>> Thank you. >>>>>> >>>>>> Best regards
