[
https://issues.apache.org/jira/browse/SOLR-7849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17358958#comment-17358958
]
Noble Paul commented on SOLR-7849:
----------------------------------
{quote}Okay. Is this ultimately to distinguish Client side
{quote}
there are a few different places where we invoke calls to other solr nodes
# a thread that is a part of an incoming request
# a thread that is a part of a solr server threadpool, wich is used to perform
operations in the background. e.g: intra node requests sent from overseer
# threads in SolrJ
#3 is not a problem becuase it does not have a private key in that VM so it
won't be able to send a privileged request to a solr node anyway.
we need to differentiate between #1 and #2
#1 should actually carry the credentials of incoming request.
#2 should carry the credential of the super user
> Secure Inter-node communication in a standard mechanism
> --------------------------------------------------------
>
> Key: SOLR-7849
> URL: https://issues.apache.org/jira/browse/SOLR-7849
> Project: Solr
> Issue Type: Sub-task
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Major
> Fix For: 5.3, 6.0
>
> Attachments: SOLR-7849.patch, SOLR-7849.patch, SOLR-7849.patch,
> SOLR-7849.patch
>
>
> Relying on every Authentication plugin to secure the internode communication
> is error prone. Solr can standardize the authentication so that only the
> first request that comes from outside the cluster needs to be authenticated
> by the authentication plugin
> The scheme to protect the communication will be as follows
> * Every Solr node creates a an RSA key pair
> * The private key is kept private and the public key is made available
> through a core admin API
> * If authentication is enabled , every outgoing request will carry an extra
> header {{ SolrAuth : <nodename>
> encrypt_with_pvt_key(<original-user-principal> <timestamp>) }}
> * If authentication is enabled {{SolrDispatchFilter}} would look for this
> header and see the nodename
> ** If the public key of the nodename is available in cache , make a request
> to the node and fetch the public key
> ** If the public key has changed (because of a server restart) decryption
> fails and the public keyis fetched again
> * If the decryption succeeds , the user-name is set to what the header has
> encoded
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
