@rmalchow
Last active August 21, 2023 12:33
how to generate password hash and salt for basic auth in solr

solr has a basic authentication module. the description of how to generate the necessary hash + salt string is very hazy. there is this:

https://github.com/ansgarwiechers/solrpasswordhash

project with java code extracted from the solr source .... and then there is this:

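#!/bin/bash
# usage: script.sh "password"
PW=$1
# random 48-character salt
SALT=$(pwgen 48 -1)
# prints base64(sha256(sha256(salt + password))), a space, then base64(salt)
echo "hash    : $(echo -n "$SALT$PW" | sha256sum -b | xxd -r -p | sha256sum -b | xxd -r -p | base64 -w 1024) $(echo -n "$SALT" | base64 -w1024)"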

to run this, you need to have pwgen and vim-common installed, e.g. (fedora)

dnf install pwgen vim-common -y

pwgen can obviously be replaced by anything that produces random strings. vim-common contains the "xxd" binary to convert hexadecimal output of sha256sum to binary.

you can then call this script:

script.sh "you_passw0rd"

and the output goes in here:

"authentication": {
    "blockUnknown": true,
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "solr": "[***OUTPUT OF THE SCRIPT***]"
    }
}

this script could be more elaborate - but i'd rather leave that as an exercise to the reader :)
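
The same computation as the script above, as an added Python example (not part of the original gist and not Solr's own code): it draws the salt from the OS CSPRNG as raw bytes instead of pwgen text, prompts for the password so it stays out of argv and shell history, and adds a check of a stored value against a candidate password. The function names and the 32-byte salt length are choices made for this example.

```python
import base64
import getpass
import hashlib
import hmac
import secrets


def solr_hash(password: str, salt: bytes) -> str:
    """base64(sha256(sha256(salt + password))), the value the script prints first."""
    first = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(hashlib.sha256(first).digest()).decode("ascii")


def make_credentials(password: str, salt_len: int = 32) -> str:
    """Return "<base64 hash> <base64 salt>" for the "credentials" map."""
    salt = secrets.token_bytes(salt_len)  # assumption: raw random bytes, not pwgen text
    return f"{solr_hash(password, salt)} {base64.b64encode(salt).decode('ascii')}"


def verify(password: str, credentials: str) -> bool:
    """Check a candidate password against a stored "<hash> <salt>" value."""
    parts = credentials.split()
    if len(parts) != 2:
        return False
    stored_hash, salt_b64 = parts
    try:
        salt = base64.b64decode(salt_b64, validate=True)
    except ValueError:  # malformed base64 in the salt field
        return False
    # constant-time comparison of the recomputed and stored hashes
    return hmac.compare_digest(solr_hash(password, salt).encode(), stored_hash.encode())


if __name__ == "__main__":
    # prompt without echo so the password never appears in the process list
    pw = getpass.getpass("password: ")
    value = make_credentials(pw)
    assert verify(pw, value)
    print(value)
```

Because the salt field is only base64-decoded before hashing, `verify` also accepts values produced by the bash script.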

@RoSk0

RoSk0 commented Aug 18, 2021

xxd is a separate package on Ubuntu

@victoriastuart

This is superb; thank you. Q: why is the sha256sum -b | xxd -r -p | sha256sum -b | xxd -r -p part duplicated? It's necessary, but I'm not following why that is.
