[DOCS] Security disabled by default (elastic/x-pack-elasticsearch#4288)
Original commit: elastic/x-pack-elasticsearch@110df8a58e
This commit is contained in:
parent
f682ecc576
commit
bbcb33b519
|
@ -45,23 +45,16 @@ be disabled individually, using the
|
|||
[[bootstrap-elastic-passwords]]
|
||||
==== The Elastic Bootstrap Password
|
||||
|
||||
When you install {xpack}, if the `elastic` user does not already have a password,
|
||||
When you install {es}, if the `elastic` user does not already have a password,
|
||||
it uses a default bootstrap password. The bootstrap password is a transient
|
||||
password that enables you to run the tools that set all the built-in user passwords.
|
||||
|
||||
By default, the bootstrap password is derived from a randomized `keystore.seed`
|
||||
setting, which is added to the keystore when you install {xpack}. You do not need
|
||||
setting, which is added to the keystore during installation. You do not need
|
||||
to know or change this bootstrap password. If you have defined a
|
||||
`bootstrap.password` setting in the keystore, however, that value is used instead.
|
||||
For more information about interacting with the keystore, see
|
||||
{ref}/secure-settings.html[Secure Settings].
|
||||
////
|
||||
//TBD: Is the following still true?
|
||||
As the `elastic` user is stored in the native realm, the password will be
|
||||
synced to all the nodes in a cluster. It is safe to bootstrap the password with
|
||||
multiple nodes as long as the password is the same. If different passwords are
|
||||
set with different nodes, it is unpredictable which password will be bootstrapped.
|
||||
////
|
||||
|
||||
NOTE: After you <<set-built-in-user-passwords,set passwords for the built-in users>>,
|
||||
in particular for the `elastic` user, there is no further use for the bootstrap
|
||||
|
|
|
@ -277,10 +277,8 @@ see <<custom-roles-provider, Custom Roles Provider Extension>>.
|
|||
[[roles-management-ui]]
|
||||
=== Role Management UI
|
||||
|
||||
If you are a {kib} user, make sure to
|
||||
<<installing-xpack, install {xpack} in {kib}>>.
|
||||
This enables you to easily manage users and roles from within {kib}. To manage roles,
|
||||
log in to {kib} and go to *Management / Elasticsearch / Roles*.
|
||||
{security} enables you to easily manage users and roles from within {kib}. To
|
||||
manage roles, log in to {kib} and go to *Management / Elasticsearch / Roles*.
|
||||
|
||||
[float]
|
||||
[[roles-management-api]]
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
[[security-getting-started]]
|
||||
== Getting Started with Security
|
||||
|
||||
To secure a cluster, you must install {xpack} on every node in the
|
||||
To secure a cluster, you must enable {security} on every node in the
|
||||
cluster. Basic authentication is enabled by default--to communicate
|
||||
with the cluster, you must specify a username and password.
|
||||
Unless you {xpack-ref}/anonymous-access.html[enable anonymous access], all
|
||||
|
@ -14,7 +14,8 @@ does not have a password set by default.
|
|||
|
||||
To get started with {security}:
|
||||
|
||||
. <<installing-xpack, Install X-Pack>>.
|
||||
. Verify that the `xpack.security.enabled` setting is `true`. For more
|
||||
information, see {ref}/security-settings.html[Security Settings in {es}].
|
||||
|
||||
. Start {es} and {kib}.
|
||||
|
||||
|
|
|
@ -11,7 +11,8 @@ including passwords and will not be able to install a license that enables {secu
|
|||
To enable encryption, you need to perform the following steps on each node in
|
||||
the cluster:
|
||||
|
||||
. <<installing-xpack-es,Install {xpack} into {es}>>.
|
||||
. Verify that the `xpack.security.enabled` setting is `true`. For more
|
||||
information, see <<security-settings>>.
|
||||
|
||||
. <<node-certificates, Generate a private key and X.509 certificate>>.
|
||||
|
||||
|
|
|
@ -22,7 +22,9 @@ This feature was added as Beta in {es} `v5.3` with further improvements made in
|
|||
|
||||
To use cross cluster search with secured clusters:
|
||||
|
||||
* Install {xpack} on every node in each connected cluster.
|
||||
* Enable {security} on every node in each connected cluster. For more
|
||||
information about the `xpack.security.enabled` setting, see
|
||||
{ref}/security-settings.html[Security Settings in {es}].
|
||||
|
||||
* Enable encryption globally. To encrypt communications, you must enable
|
||||
<<ssl-tls,enable SSL/TLS>> on every node.
|
||||
|
|
|
@ -5,6 +5,9 @@
|
|||
<titleabbrev>Security Settings</titleabbrev>
|
||||
++++
|
||||
|
||||
By default, {security} is disabled when you have a basic or trial license. To
|
||||
enable {security}, use the `xpack.security.enabled` setting.
|
||||
|
||||
You configure `xpack.security` settings to
|
||||
<<anonymous-access-settings, enable anonymous access>>
|
||||
and perform message authentication,
|
||||
|
@ -22,13 +25,12 @@ For more information about creating and updating the {es} keystore, see
|
|||
[[general-security-settings]]
|
||||
==== General Security Settings
|
||||
`xpack.security.enabled`::
|
||||
Set to `true` (default) to enable {security} on the node. +
|
||||
Set to `true` to enable {security} on the node. +
|
||||
+
|
||||
If set to `false` in `elasticsearch.yml`, {security} is disabled. It also
|
||||
affects all {kib} instances that connect to this {es} instance; you do not
|
||||
need to disable {security} in those `kibana.yml` files. For more information
|
||||
about disabling {security} in specific {kib} instances, see
|
||||
{kibana-ref}/security-settings-kb.html[{kib} Security Settings].
|
||||
If set to `false`, which is the default value for basic and trial licenses,
|
||||
{security} is disabled. It also affects all {kib} instances that connect to this
|
||||
{es} instance; you do not need to disable {security} in those `kibana.yml` files.
|
||||
For more information about disabling {security} in specific {kib} instances, see {kibana-ref}/security-settings-kb.html[{kib} Security Settings].
|
||||
|
||||
`xpack.security.hide_settings`::
|
||||
A comma-separated list of settings that are omitted from the results of the
|
||||
|
|
Loading…
Reference in New Issue