lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hrishikesh Gadre (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-9324) Support Secure Impersonation / Proxy User for solr authentication
Date Fri, 20 Jan 2017 05:29:26 GMT

    [ https://issues.apache.org/jira/browse/SOLR-9324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831212#comment-15831212
] 

Hrishikesh Gadre commented on SOLR-9324:
----------------------------------------

[~ichattopadhyaya] Ok let me take a look.

> Support Secure Impersonation / Proxy User for solr authentication
> -----------------------------------------------------------------
>
>                 Key: SOLR-9324
>                 URL: https://issues.apache.org/jira/browse/SOLR-9324
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: SolrCloud
>            Reporter: Gregory Chanan
>            Assignee: Yonik Seeley
>             Fix For: master (7.0), 6.4
>
>         Attachments: build-6025.log, SOLR-9324_branch_6x.patch, SOLR-9324.patch, SOLR-9324.patch,
SOLR-9324.patch, SOLR-9324-tests.patch
>
>
> Solr should support Proxy User / Secure Impersonation for authentication, as supported
by hadoop (http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html)
and supported by the hadoop AuthenticationFilter (which we use for the KerberosPlugin).
> There are a number of use cases, but a common one is this:
> There is a front end for searches (say, Hue http://gethue.com/) that supports its own
login mechanisms.  If the cluster uses kerberos for authentication, hue must have kerberos
credentials for each user, which is a pain to manage.  Instead, hue can be allowed to impersonate
known users from known machines so it only needs its own kerberos credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message