OpenSearch/x-pack/docs/en/security/authentication/configuring-native-realm.asciidoc
Tim Vernum 574ec6686e
Include realm type in Security Realm setting keys (#30241)
This moves all Realm settings to an Affix definition.
However, because different realm types define different settings
(potentially conflicting settings) this requires that the realm type
become part of the setting key.

Thus, we now need to define realm settings as:

    xpack.security.authc.realms:
      file.file1:
        order: 0

      native.native1:
        order: 1

- This is a breaking change to realm config
- This is also a breaking change to custom security realms (SecurityExtension)
2018-11-06 14:56:50 +11:00


[role="xpack"]
[[configuring-native-realm]]
=== Configuring a native realm
The easiest way to manage and authenticate users is with the internal `native`
realm.

The native realm is available by default when no other realms are
configured. If other realm settings have been configured in `elasticsearch.yml`,
you must add the native realm to the realm chain.

You can configure a `native` realm in the `xpack.security.authc.realms.native`
namespace in `elasticsearch.yml`.
Explicitly configuring a native realm enables you to set the order in which it
appears in the realm chain, temporarily disable the realm, and control its
cache options.

. Add a realm configuration to `elasticsearch.yml` under the
`xpack.security.authc.realms.native` namespace. It is recommended that you
explicitly set the `order` attribute for the realm.
+
--
See <<ref-native-settings>> for all of the options you can set for the `native` realm.

For example, the following snippet shows a `native` realm configuration that
sets the `order` to zero so the realm is checked first:

[source, yaml]
------------------------------------------------------------
xpack:
  security:
    authc:
      realms:
        native:
          native1:
            order: 0
------------------------------------------------------------

NOTE: To limit exposure to credential theft and mitigate credential compromise,
the native realm stores passwords and caches user credentials according to
security best practices. By default, a hashed version of user credentials
is stored in memory, using a salted `sha-256` hash algorithm, and a hashed
version of passwords is stored on disk, salted and hashed with the `bcrypt`
hash algorithm. To use different hash algorithms, see <<hashing-settings>>.
--

. Restart {es}.

. Manage your users in {kib} on the *Management / Security / Users* page.
Alternatively, use the <<security-api-users,User Management APIs>>.
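
The following Python check is an added example, not part of this documentation page or of the commit above. It flattens nested and dotted realm keys to one form, flags keys that still use the old `realms.<name>.type` layout or lack an explicit `order`, and lists the enabled realms in chain order. The function names, the sample settings, and the choice to sort a realm without `order` last are assumptions of this example.

```python
PREFIX = "xpack.security.authc.realms."

def flatten(node, path=""):
    """Flatten nested settings into dotted keys (nested and dotted forms are equivalent)."""
    if not isinstance(node, dict):
        return {path: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{path}.{key}" if path else str(key)))
    return flat

def realm_chain(settings):
    """Return (chain, problems) for the realm keys found in a settings mapping."""
    keys = {k[len(PREFIX):]: v for k, v in flatten(settings).items()
            if k.startswith(PREFIX)}
    # Old layout: realms.<name>.type = <type>, so the type is not part of the key.
    legacy = {k.split(".")[0] for k in keys
              if k.count(".") == 1 and k.endswith(".type")}
    realms, problems = {}, []
    for key, value in keys.items():
        parts = key.split(".")
        if parts[0] in legacy or len(parts) < 3:
            problems.append(f"legacy or malformed key: {PREFIX}{key}")
            continue
        # New layout: realms.<type>.<name>.<setting>
        realms.setdefault((parts[0], parts[1]), {})[".".join(parts[2:])] = value
    chain = []
    for (rtype, name), opts in realms.items():
        if "order" not in opts:
            problems.append(f"{rtype}.{name}: no explicit order")
        if opts.get("enabled", True) in (False, "false"):
            continue  # a disabled realm takes no part in the chain
        # Assumption of this example: a realm without an order sorts last.
        chain.append((opts.get("order", float("inf")), rtype, name))
    chain.sort()
    return [f"{t}.{n}" for _, t, n in chain], problems

# Constructed sample: nested form (as in the snippet above), dotted form (as in
# the commit message), a disabled realm, and one realm in the old layout.
SAMPLE = {"xpack": {"security": {"authc": {"realms": {
    "native": {"native1": {"order": 0}},
    "file.file1": {"order": 1, "enabled": False},
    "ldap.ldap1": {"url": "ldaps://ldap.example.com:636"},
    "old1": {"type": "native", "order": 2},
}}}}}

if __name__ == "__main__":
    chain, problems = realm_chain(SAMPLE)
    print("chain:", chain)
    print("\n".join(problems))
```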