honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adjust file realm docs (#52471) (#52745) 

The existing wording in the file realm docs proved confusing
for users as it seemed to indicate that it should _only_ be
used as a fallback/recovery realm and that it is not a
first class realm.

This change attempts to clarify this and point out that recovery
is _a_ use case for the file realm but not the only intended one.
This commit is contained in:
Ioannis Kakavas 2020-02-25 11:59:13 +02:00 committed by GitHub
parent 5f81906fcf
commit e2aa5bc174
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
x-pack/docs/en/security/authentication/file-realm.asciidoc
View File

@ -7,17 +7,21 @@ With the `file` realm, users are defined in local files on each node in the clus
IMPORTANT: As the administrator of the cluster, it is your responsibility to
ensure the same users are defined on every node in the cluster. The {stack}
{security-features} do not deliver any mechanism to guarantee this.
{security-features} do not deliver any mechanism to guarantee this. You should
also be aware that you cannot add or manage users in the `file` realm via the
<<security-user-apis, user APIs>> and you cannot add or manage them in {kib} on the
*Management / Security / Users* page
The `file` realm is primarily supported to serve as a fallback/recovery realm. It
is mostly useful in situations where all users locked themselves out of the system
(no one remembers their username/password). In this type of scenarios, the `file`
realm is your only way out - you can define a new `admin` user in the `file` realm
and use it to log in and reset the credentials of all other users.
The `file` realm is very useful as a fallback or recovery realm. For example in cases where
the cluster is unresponsive or the security index is unavailable, or when you forget the
password for your administrative users.
In this type of scenario, the `file` realm is a convenient way out - you can
define a new `admin` user in the `file` realm and use it to log in and reset the
credentials of all other users.
IMPORTANT: When you configure realms in `elasticsearch.yml`, only the realms you
specify are used for authentication. To use the `file` realm as a fallback, you
must include it in the realm chain.
specify are used for authentication. To use the `file` realm you must explicitly
include it in the realm chain.
To define users, the {security-features} provide the
{ref}/users-command.html[users] command-line tool. This tool enables you to add