From 5064ff6ad43d4a1189c7283948e2a272f8b2ee02 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Wed, 2 May 2018 10:56:31 -0700 Subject: [PATCH] [DOCS] Adds native realm configuration details (#30215) --- .../configuring-native-realm.asciidoc | 43 +++++++++++++++++++ .../authentication/native-realm.asciidoc | 41 ++---------------- .../docs/en/security/configuring-es.asciidoc | 2 + 3 files changed, 48 insertions(+), 38 deletions(-) create mode 100644 x-pack/docs/en/security/authentication/configuring-native-realm.asciidoc diff --git a/x-pack/docs/en/security/authentication/configuring-native-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-native-realm.asciidoc new file mode 100644 index 00000000000..3c4f44fdfc9 --- /dev/null +++ b/x-pack/docs/en/security/authentication/configuring-native-realm.asciidoc @@ -0,0 +1,43 @@ +[role="xpack"] +[[configuring-native-realm]] +=== Configuring a Native Realm + +The easiest way to manage and authenticate users is with the internal `native` +realm. + +The native realm is available by default when no other realms are +configured. If other realm settings have been configured in `elasticsearch.yml`, +you must add the native realm to the realm chain. + +You can configure options for the `native` realm in the +`xpack.security.authc.realms` namespace in `elasticsearch.yml`. Explicitly +configuring a native realm enables you to set the order in which it appears in +the realm chain, temporarily disable the realm, and control its cache options. + +. Add a realm configuration of type `native` to `elasticsearch.yml` under the +`xpack.security.authc.realms` namespace. At a minimum, you must set the realm +`type` to `native`. If you are configuring multiple realms, you should also +explicitly set the `order` attribute. ++ +-- +See <> for all of the options you can set for the `native` realm. +For example, the following snippet shows a `native` realm configuration that +sets the `order` to zero so the realm is checked first: + +[source, yaml] +------------------------------------------------------------ +xpack: + security: + authc: + realms: + native1: + type: native + order: 0 +------------------------------------------------------------ +-- + +. Restart {es}. + +. Manage your users in {kib} on the *Management / Security / Users* page. +Alternatively, use the <>. + diff --git a/x-pack/docs/en/security/authentication/native-realm.asciidoc b/x-pack/docs/en/security/authentication/native-realm.asciidoc index 1c3afdacdc5..3643e42e02a 100644 --- a/x-pack/docs/en/security/authentication/native-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/native-realm.asciidoc @@ -9,47 +9,12 @@ manage user passwords. [float] ==== Configuring a native realm -The native realm is added to the realm chain by default. You don't need to -explicitly configure a native realm to manage users through the REST APIs. - - -IMPORTANT: When you configure realms in `elasticsearch.yml`, only the -realms you specify are used for authentication. To use the -`native` realm as a fallback, you must include it in the realm chain. - -You can, however, configure options for the `native` realm in the -`xpack.security.authc.realms` namespace in `elasticsearch.yml`. Explicitly -configuring a native realm enables you to set the order in which it appears in -the realm chain, temporary disable the realm, and control its cache options. - -To configure a native realm: - -. Add a realm configuration of type `native` to `elasticsearch.yml` under the -`xpack.security.authc.realms` namespace. At a minimum, you must set the realm -`type` to `native`. If you are configuring multiple realms, you should also -explicitly set the `order` attribute. See <> -for all of the options you can set for the `native` realm. -+ -For example, the following snippet shows a `native` realm configuration that -sets the `order` to zero so the realm is checked first: -+ -[source, yaml] ------------------------------------------------------------- -xpack: - security: - authc: - realms: - native1: - type: native - order: 0 ------------------------------------------------------------- - -. Restart Elasticsearch. +See {ref}/[Configuring a native realm]. [[native-settings]] ==== Native realm settings -See {ref}/security-settings.html#ref-native-settings[Native Realm Settings]. +See {ref}/security-settings.html#ref-native-settings[Native realm settings]. [[managing-native-users]] ==== Managing native users @@ -58,7 +23,7 @@ See {ref}/security-settings.html#ref-native-settings[Native Realm Settings]. *Management / Security / Users* page. Alternatively, you can manage users through the `user` API. For more -information and examples, see {ref}/security-api-users.html[User Management APIs]. +information and examples, see {ref}/security-api-users.html[User management APIs]. [[migrating-from-file]] NOTE: To migrate file-based users to the `native` realm, use the diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc index 114fd1cdc4f..9bcae7fe80d 100644 --- a/x-pack/docs/en/security/configuring-es.asciidoc +++ b/x-pack/docs/en/security/configuring-es.asciidoc @@ -73,6 +73,7 @@ user API. . Choose which types of realms you want to use to authenticate users. ** <>. ** <>. +** <>. ** <>. . Set up roles and users to control access to {es}. @@ -135,6 +136,7 @@ include::securing-communications/enabling-cipher-suites.asciidoc[] include::securing-communications/separating-node-client-traffic.asciidoc[] include::authentication/configuring-active-directory-realm.asciidoc[] include::authentication/configuring-file-realm.asciidoc[] +include::authentication/configuring-native-realm.asciidoc[] include::authentication/configuring-pki-realm.asciidoc[] include::{xes-repo-dir}/settings/security-settings.asciidoc[] include::{xes-repo-dir}/settings/audit-settings.asciidoc[]