When authentication is enabled, only specified hosts and users can connect to Search. Authentication also verifies that clients connect to legitimate servers. This feature prevents spoofing such as impersonation and man-in-the-middle attacks. Search supports Kerberos and LDAP authentication.
|Solr Authentication||Use Case|
|No authentication||Insecure cluster|
|Kerberos only||The Hadoop cluster has Kerberos turned on and every user (or client) connecting to Solr has a Kerberos principal.|
|Kerberos and LDAP||The Hadoop cluster has Kerberos turned on. External Solr users (or clients) don’t have Kerberos principal but do have an identity in the LDAP server. Client authentication using LDAP requires that Kerberos is enabled for the cluster. Using LDAP alone is not supported.|
Once you are finished setting up authentication, configure Sentry authorization. Authorization involves specifying which resources can be accessed by particular users when they connect through Search. See Enabling Sentry Authorization for Search using the Command Line for details.