Commit Graph

8 Commits

Author SHA1 Message Date
Tim Brooks f2cbe20ea0 Remove default passwords from reserved users (elastic/x-pack-elasticsearch#1665)
This is related to elastic/x-pack-elasticsearch#1217. This PR removes the default password of
"changeme" from the reserved users.

This PR adds special behavior for authenticating the reserved users. No
ReservedRealm user can be authenticated until its password is set. The
one exception to this is the elastic user. The elastic user can be
authenticated with an empty password if the action is a rest request
originating from localhost. In this scenario where an elastic user is
authenticated with a default password, it will have metadata indicating
that it is in setup mode. An elastic user in setup mode is only
authorized to execute a change password request.

Original commit: elastic/x-pack-elasticsearch@e1e101a237
2017-06-29 15:27:57 -05:00
Lisa Cawley 08fdac5a93 [DOCS] Move security APIs to Elasticsearch Ref (elastic/x-pack-elasticsearch#1877)
* [DOCS] Move security APIs to Elasticsearch Ref

* [DOCS] Update links to security APIs

* [DOCS] Fix link to security APIs

Original commit: elastic/x-pack-elasticsearch@d7a9d3f1ab
2017-06-28 11:02:40 -07:00
Andy Bristol 855c63dbc7 User/role names can be longer with more characters (elastic/x-pack-elasticsearch#1745)
This changes the validation criteria we use for user and role
names in the file realm, native realm, and the
realm-agnostic code in x-pack security. The new criteria is:

A valid username's length must be at least 1 and no more than 1024
characters. It may not contain leading or trailing whitespace. All
characters in the name must be be alphanumeric (`a-z`, `A-Z`, `0-9`),
printable punctuation or symbols in the https://en.wikipedia.org/wiki/Basic_Latin_(Unicode_block)[Basic Latin (ASCII) block],
or the space character.

Original commit: elastic/x-pack-elasticsearch@f77640f269
2017-06-22 13:05:56 -07:00
Tim Vernum fe37109c3f [DOCS] [Security] Documentation for Role Mapping API (elastic/x-pack-elasticsearch#1474)
Includes:
- Extensive changes to "mapping roles" section
- New section for role mapping API
- Updates to LDAP/AD/PKI realms to refer to API based role mapping 
- Updates to LDAP/AD realms: `unmapped_groups_as_roles` only looks at file-based mappings 
- Updates to LDAP/AD realms: new setting for "metadata"

Original commit: elastic/x-pack-elasticsearch@6349f665f5
2017-06-06 14:12:31 +10:00
Tim Vernum 9f7f8ffb4d Outstanding docs for 5.4 changes (elastic/x-pack-elasticsearch#1280)
Docs for security features in 5.4

- `has_privileges` API
-  ldap metadata.

Original commit: elastic/x-pack-elasticsearch@22c733c814
2017-05-12 16:51:47 +10:00
Chee Wee 1e0caee90d Corrected a mistake on disabling a user (elastic/x-pack-elasticsearch#1135)
Corrected a mistake on disabling a user, when it should be enabling.

Please review the changes.

Original commit: elastic/x-pack-elasticsearch@352997e427
2017-05-03 10:55:26 +08:00
Jay Modi 1d08b4d1fb Rest endpoints for token based access (elastic/x-pack-elasticsearch#1235)
This commit adds rest endpoints for the creation of a new token and invalidation of an existing
token. This builds upon the functionality that was introduced in elastic/x-pack-elasticsearch#1029.

relates elastic/x-pack-elasticsearch#8

Original commit: elastic/x-pack-elasticsearch@d56611dfa3
2017-04-27 11:04:31 -04:00
debadair e804d78be5 [DOCS] Migrated rest-api topics from x-pack repo to x-pack-elasticsearch.
Original commit: elastic/x-pack-elasticsearch@46c9bf780a
2017-04-06 18:04:39 -07:00