OpenSearch/x-pack/docs/en/security/authentication/configuring-native-realm.asciidoc
Ioannis Kakavas 65d4f27873
[DOCS] Add configurable password hashing docs (#32849)
* [DOCS] Add configurable password hashing docs

Adds documentation about the newly introduced configuration option
for setting the password hashing algorithm to be used for the users
cache and for storing credentials for the native and file realm.
2018-08-21 12:05:42 +03:00


[role="xpack"]
[[configuring-native-realm]]
=== Configuring a native realm
The easiest way to manage and authenticate users is with the internal `native`
realm.

The native realm is available by default when no other realms are
configured. If other realm settings have been configured in `elasticsearch.yml`,
you must add the native realm to the realm chain.

You can configure options for the `native` realm in the
`xpack.security.authc.realms` namespace in `elasticsearch.yml`. Explicitly
configuring a native realm enables you to set the order in which it appears in
the realm chain, temporarily disable the realm, and control its cache options.

. Add a realm configuration of type `native` to `elasticsearch.yml` under the
`xpack.security.authc.realms` namespace. At a minimum, you must set the realm
`type` to `native`. If you are configuring multiple realms, you should also
explicitly set the `order` attribute.
+
--
See <<ref-native-settings>> for all of the options you can set for the `native` realm.

For example, the following snippet shows a `native` realm configuration that
sets the `order` to zero so the realm is checked first:

[source, yaml]
------------------------------------------------------------
xpack:
  security:
    authc:
      realms:
        native1:
          type: native
          order: 0
------------------------------------------------------------

NOTE: To limit exposure to credential theft and mitigate credential compromise,
the native realm stores passwords and caches user credentials according to
security best practices. By default, a hashed version of user credentials
is stored in memory, using a salted `sha-256` hash algorithm, and a hashed
version of passwords is stored on disk, salted and hashed with the `bcrypt`
hash algorithm. To use different hash algorithms, see <<hashing-settings>>.
--
. Restart {es}.
. Manage your users in {kib} on the *Management / Security / Users* page.
Alternatively, use the <<security-api-users,User Management APIs>>.
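
The realm chain rules from step 1 can be checked before the restart. The following Python sketch is an added example, not part of the original documentation or the product's code; it assumes `elasticsearch.yml` has already been loaded into a dict, and the function names, the `file1` realm, and the choice to sort realms without an `order` last are assumptions made for illustration.

```python
# Added example: lint the realm chain from an elasticsearch.yml that has
# already been loaded into a dict (for instance with a YAML parser).
PREFIX = "xpack.security.authc.realms."

def flatten(node, prefix=""):
    """Normalise nested and dotted-key YAML styles to one dotted-key dict."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def realms_from(settings):
    """Group realm settings by realm name: {name: {setting: value}}."""
    realms = {}
    for path, value in flatten(settings).items():
        if path.startswith(PREFIX):
            name, _, setting = path[len(PREFIX):].partition(".")
            realms.setdefault(name, {})[setting] = value
    return realms

def audit_realm_chain(settings):
    """Return (enabled realm names in chain order, list of findings)."""
    realms = realms_from(settings)
    findings = []
    # A realm counts as enabled unless it sets `enabled: false`.
    enabled = {n: r for n, r in realms.items() if r.get("enabled", True)}
    if realms and not any(r.get("type") == "native" for r in enabled.values()):
        findings.append("realms are configured but no enabled native realm is in the chain")
    if len(realms) > 1:
        for name in sorted(realms):
            if "order" not in realms[name]:
                findings.append(f"realm '{name}' has no explicit order")
    # Assumption: a realm without an explicit order is sorted last, then by name.
    chain = sorted(enabled, key=lambda n: (enabled[n].get("order", float("inf")), n))
    return chain, findings

# Constructed sample: the page's native1 realm plus a hypothetical file realm
# written in dotted-key style without an order.
SAMPLE = {
    "xpack": {"security": {"authc": {"realms": {
        "native1": {"type": "native", "order": 0}}}}},
    "xpack.security.authc.realms.file1.type": "file",
}

if __name__ == "__main__":
    print(audit_realm_chain(SAMPLE))
```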