Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

SolrJ unable to connect to Kerberorized Solr

SolrJ unable to connect to Kerberorized Solr

New Contributor

We have a Kerborized Solr instance that we are unable to access with SolrJ using a keytab. Using the Cloudera Search Authentication as a guide, we first create a jaas-client.conf file with the following contents:

 

Client {
 com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 keyTab="/path/to/keytab/solr.keytab"
 storeKey=true
 useTicketCache=false
 principal="solr/fully.qualified.domain.name@OUR_REALM"; 
};

 Please note that I obfuscated the path and principal for security reasons. 

 

I also set the following property:

 

System.setProperty("java.security.auth.login.config", configFile.getAbsolutePath());

 

With this setup, I expect the client to use the solr/fully.qualified.domain.name@OUR_REALM principal from the solr.keytab but I am prompted for the Kerberos principal and password from STDIN. 

 

If I perform a kinit for the SOLR principal using this keytab, the client is able to connect to SOLR without issue. 

 

Solr documentation also suggests the following:

 

 

System.setProperty("java.security.auth.login.config", configFile.getAbsolutePath());
HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());

 

 

 

When I step through the code, I can see Krb5HttpClientConfigurer() being called so I am not sure why the SolrJ client is unable to supply the Kerberos credentials. 

 

We are running CHD 5.4.9 with Solr 4.10.3 with the following SolrJ POM dependency:

 

<dependency>
<groupId>org.apache.solr</groupId>
<artifactId>solr-solrj</artifactId>
<version>4.10.3-cdh5.4.9</version>
</dependency>

 

1 REPLY 1

Re: SolrJ unable to connect to Kerberorized Solr

New Contributor
Add the below two statements in your code

System.setProperty("java.security.krb5.realm", REALM);
System.setProperty("java.security.krb5.kdc", REALM+":88");