[
https://issues.apache.org/jira/browse/SOLR-15617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17433116#comment-17433116
]
ASF subversion and git services commented on SOLR-15617:
--------------------------------------------------------
Commit 678f1372ad7a70fa0fc5ab613def481ba6956c8c in solr's branch
refs/heads/main from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=678f137 ]
SOLR-15617: Add kerberos.name.rules.mechanism support to KerberosPlugin (#306)
Signed-off-by: Kevin Risden <kris...@apache.org>
> How to get rid of this Warning "WARN (qtp1533985074-57) [ ]
> o.a.h.s.a.u.KerberosName auth_to_local rule mechanism not set.Using default
> of hadoop"
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-15617
> URL: https://issues.apache.org/jira/browse/SOLR-15617
> Project: Solr
> Issue Type: Task
> Components: Authentication
> Affects Versions: 8.9
> Environment: OS: Debian 10
> Solr Version : 8.9
> Java Version: 11
>
> Reporter: Jesús Ricardo Ballesteros Molina
> Assignee: Kevin Risden
> Priority: Minor
> Labels: authentication, kerberos, solr, warnings
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Hello, I wrote to the mailing list because I don't know how to get rid of
> that warning properly. A person who replied me in the mailing list asked me
> to open a Jira issue for this:
> [https://www.mail-archive.com/users@solr.apache.org/msg01463.html]
> I configured Solr authentication this guide:
> [https://solr.apache.org/guide/8_9/kerberos-authentication-plugin.html]
> Everything is working OK, I just receive this warning message so often:
> 2021-09-01 20:29:46.789 WARN (qtp1533985074-61) [ ]
> o.a.h.s.a.u.KerberosName auth_to_local rule mechanism not set.Using default
> of hadoop
> I don't know what to do to get rid of this. I personally want to make a right
> configuration in the right fil*e instead of just disabling the warning*.
> I just configured the "[solr.kerberos.name|http://solr.kerberos.name/]
> <[http://solr.kerberos.name>.rules]" in the [solr.in.sh|http://solr.in.sh/]
> <[http://solr.in.sh>]; but it seems to be ignored. I don't know if I have to
> make an extra configuration in the FreeIPA or maybe I am missing another
> configuration file. As I understand this warning should be if I use HDFS or
> Hadoop Authentication but this is not the case.
> This is the content of my "solr.in.sh" file:
> {code:java}
> SOLR_PID_DIR="/opt/var/solr"
> SOLR_HOME="/opt/var/solr/data"
> LOG4J_PROPS="/opt/var/solr/log4j2.xml"
> SOLR_LOGS_DIR="/opt/var/solr/logs"
> SOLR_PORT="8983"
> SOLR_HEAP="6g"
> SOLR_HOST="sa3secglbsolr01.a3sec.local"
> ZK_HOST="sa3secglbzkpt01.a3sec.local:2181,sa3secglbzkpt02.a3sec.local:2181,sa3secglbzkpt03.a3sec.local:2181/solr"
> # Settings for ZK ACL
> SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider
> \
>
> -DzkCredentialsProvider=org.apache.solr.common.cloud.VMParamsSingleSetCredentialsDigestZkCredentialsProvider
> \
> -DzkDigestUsername=admin-user -DzkDigestPassword=anypassword \
> -DzkDigestReadonlyUsername=readonly-user
> -DzkDigestReadonlyPassword=anypassword"
> SOLR_OPTS="$SOLR_OPTS $SOLR_ZK_CREDS_AND_ACLS"
> # Enables HTTPS. It is implicitly true if you set SOLR_SSL_KEY_STORE. Use
> this config
> # to enable https module with custom jetty configuration.
> SOLR_SSL_ENABLED=true
> # Uncomment to set SSL-related system properties
> # Be sure to update the paths to the correct keystore for your environment
> SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.p12
> SOLR_SSL_KEY_STORE_PASSWORD=<Anypassword>
> SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.p12
> SOLR_SSL_TRUST_STORE_PASSWORD=<Anypassword>
> # Require clients to authenticate
> SOLR_SSL_NEED_CLIENT_AUTH=false
> # Enable clients to authenticate (but not require)
> SOLR_SSL_WANT_CLIENT_AUTH=false
> # SSL Certificates contain host/ip "peer name" information that is validated
> by default. Setting
> # this to false can be useful to disable these checks when re-using a
> certificate on many hosts
> SOLR_SSL_CHECK_PEER_NAME=true
> KERBEROS_RULE="RULE:[1:\$1@\$0](.*A3SEC.LOCAL)s/@.*//"
> SOLR_AUTH_TYPE="kerberos"
> SOLR_AUTHENTICATION_OPTS="-Djava.security
> <http://Djava.security>.auth.login.config=/home/debian/jaas-client.conf
> -Dsolr.kerberos.cookie.domain=sa3secglbsolr01.a3sec.local
> -Dsolr.kerberos.cookie.portaware=true
> -Dsolr.kerberos.principal=HTTP/sa3secglbsolr01.a3sec.local@A3SEC.LOCAL
> -Dsolr.kerberos.keytab=/home/debian/sa3secglbsolr01.keytab
> -Dsolr.kerberos.name <http://Dsolr.kerberos.name>.rules=$KERBEROS_RULE"{code}
>
>
> At the moment I just modified the file log4j2.xml with this content:
>
> {code:java}
> <AsyncLogger
> name="org.apache.hadoop.security.authentication.util.KerberosName"
> level="off"/>{code}
>
> I could disable the warning but as I said I would like to know another way
> different to this.
>
> Best regards.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
