21 lines
715 B
Plaintext
21 lines
715 B
Plaintext
[[pki-realm]]
|
|
=== PKI user authentication
|
|
|
|
You can configure {security} to use Public Key Infrastructure (PKI) certificates
|
|
to authenticate users in {es}. This requires clients to present X.509
|
|
certificates.
|
|
|
|
NOTE: You cannot use PKI certificates to authenticate users in {kib}.
|
|
|
|
To use PKI in {es}, you configure a PKI realm, enable client authentication on
|
|
the desired network layers (transport or http), and map the Distinguished Names
|
|
(DNs) from the user certificates to {security} roles in the
|
|
<<mapping-roles, role mapping file>>.
|
|
|
|
See {ref}/configuring-pki-realm.html[Configuring a PKI realm].
|
|
|
|
[[pki-settings]]
|
|
==== PKI Realm Settings
|
|
|
|
See {ref}/security-settings.html#ref-pki-settings[PKI realm settings].
|