When using security.json (in Solr 5.4.1 for instance), is there a recommended 
method to allow users to change their own passwords? We certainly would not 
want to grant blanket security-edit to all users; but requiring users to 
divulge their intended passwords (in Email or by other means) to the 
administrators of the Solr installation is also arguably less than optimal. It 
is unclear whether one could set up (for each individual user: "user1" in this 
example) something like:

"set-permission": {"name":"edit_pwd_user1",
"path":"/admin/authentication",
"params":{"command":["set-user"],"login":["user1"]},
"role": "edit_pw_user1"},
"set-user-role": {"user1": ["edit_pw_user1","other","roles","here"]}

One point that is unclear would be whether "command" and "login" are the 
correct strings in the third line of the example above: would they instead be 
"cmd" and "user"? "action" and "username"? something else?

Even if this worked when implemented for each individual login, it would be 
nice to be able to say once and for all "every login can edit its own password".

There could be ways to create a utility which would change the OS-ownership of 
its own process in order to decrypt a file containing the Solr-admin-password, 
and to use that to set the password of the Solr login which matched the OS 
login which initiated the process; but before embarking on developing such a 
utility, I thought I would ask whether there were other suggestions.
