[jira] [Commented] (SOLR-9513) Introduce a generic authentication plugin which delegates all functionality to Hadoop authentication framework

Wed, 07 Dec 2016 12:28:12 -0800 

    [ 
https://issues.apache.org/jira/browse/SOLR-9513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15729826#comment-15729826
 ] 

Ishan Chattopadhyaya commented on SOLR-9513:
--------------------------------------------

[~hgadre], I think the patch looks good. However, I'm slightly concerned about 
the names for the two plugins, i.e. {{SolrCloudHadoopAuthPlugin}} and 
{{GenericHadoopAuthPlugin}}. Given that both can be used in SolrCloud, I think 
it will be confusing for the user as to why are these named so. Do you think we 
can choose some other names that make the actual distinction clear? Perhaps 
something like (a) {{HadoopAuthPlugin}} and {{HadoopAuthWithPKIPlugin}}, or (b) 
{{HadoopAuthWithInterNodeAuthPlugin}} and {{HadoopAuthPlugin}}. I'm open to 
other suggestions as well.

> Introduce a generic authentication plugin which delegates all functionality 
> to Hadoop authentication framework
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-9513
>                 URL: https://issues.apache.org/jira/browse/SOLR-9513
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Hrishikesh Gadre
>
> Currently Solr kerberos authentication plugin delegates the core logic to 
> Hadoop authentication framework. But the configuration parameters required by 
> the Hadoop authentication framework are hardcoded in the plugin code itself. 
> https://github.com/apache/lucene-solr/blob/5b770b56d012279d334f41e4ef7fe652480fd3cf/solr/core/src/java/org/apache/solr/security/KerberosPlugin.java#L119
> The problem with this approach is that we need to make code changes in Solr 
> to expose new capabilities added in Hadoop authentication framework. e.g. 
> HADOOP-12082
> We should implement a generic Solr authentication plugin which will accept 
> configuration parameters via security.json (in Zookeeper) and delegate them 
> to Hadoop authentication framework. This will allow to utilize new features 
> in Hadoop without code changes in Solr.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to