Reply
New Contributor
Posts: 4
Registered: ‎01-23-2015

SolrJ unable to connect to Kerberorized Solr

[ Edited ]

We have a Kerborized Solr instance that we are unable to access with SolrJ using a keytab. Using the Cloudera Search Authentication as a guide, we first create a jaas-client.conf file with the following contents:

 

Client {
 com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 keyTab="/path/to/keytab/solr.keytab"
 storeKey=true
 useTicketCache=false
 principal="solr/fully.qualified.domain.name@OUR_REALM"; 
};

 Please note that I obfuscated the path and principal for security reasons. 

 

I also set the following property:

 

System.setProperty("java.security.auth.login.config", configFile.getAbsolutePath());

 

With this setup, I expect the client to use the solr/fully.qualified.domain.name@OUR_REALM principal from the solr.keytab but I am prompted for the Kerberos principal and password from STDIN. 

 

If I perform a kinit for the SOLR principal using this keytab, the client is able to connect to SOLR without issue. 

 

Solr documentation also suggests the following:

 

 

System.setProperty("java.security.auth.login.config", configFile.getAbsolutePath());
HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());

 

 

 

When I step through the code, I can see Krb5HttpClientConfigurer() being called so I am not sure why the SolrJ client is unable to supply the Kerberos credentials. 

 

We are running CHD 5.4.9 with Solr 4.10.3 with the following SolrJ POM dependency:

 

<dependency>
<groupId>org.apache.solr</groupId>
<artifactId>solr-solrj</artifactId>
<version>4.10.3-cdh5.4.9</version>
</dependency>

 

New Contributor
Posts: 2
Registered: ‎02-18-2019

Re: SolrJ unable to connect to Kerberorized Solr

Add the below two statements in your code

System.setProperty("java.security.krb5.realm", REALM);
System.setProperty("java.security.krb5.kdc", REALM+":88");

Announcements