[jira] [Commented] (SOLR-7849) Secure Inter-node communication in a standard mechanism

Fri, 31 Jul 2015 16:46:32 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14650012#comment-14650012
 ] 

Jan Høydahl commented on SOLR-7849:
-----------------------------------

Interesting idea. How will node B be able to lookup the public key from core 
admin API of node A if A requires B to also authenticate? Perhaps publish 
pub-key through ZK instead of core admin?
What should happen in multi-DC case; would cross cluster communication be 
treated as "internal"? What would <original-user-principal> be in case the 
action is initiated by Solr and not an external request?

> Secure Inter-node communication in a  standard mechanism
> --------------------------------------------------------
>
>                 Key: SOLR-7849
>                 URL: https://issues.apache.org/jira/browse/SOLR-7849
>             Project: Solr
>          Issue Type: Sub-task
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>
> Relying on every Authentication plugin to secure the internode communication 
> is error prone. Solr can standardize the authentication so that only the 
> first request that comes from outside the cluster needs to be authenticated 
> by the authentication plugin
> The scheme to protect the communication will be as follows
> * Every Solr node creates a an RSA key pair 
> * The private key is kept private and the public key is made available 
> through a  core admin API
> * If authentication is enabled , every outgoing request will carry an extra 
> header {{ SolrAuth : <nodename> 
> encrypt_with_pvt_key(<original-user-principal> <timestamp>) }}
> * If authentication is enabled {{SolrDispatchFilter}} would look for this 
> header and see the nodename
> ** If the public key of the nodename is available in cache , make a request 
> to the node and fetch the public key
> ** If the public key has changed (because of a server restart) decryption 
> fails and the public keyis fetched again
> * If the decryption succeeds , the user-name is set to what the header has 
> encoded



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to