27 lines
1.3 KiB
Plaintext
27 lines
1.3 KiB
Plaintext
[[file-realm]]
|
|
=== File-based user authentication
|
|
|
|
You can manage and authenticate users with the built-in `file` realm.
|
|
With the `file` realm, users are defined in local files on each node in the cluster.
|
|
|
|
IMPORTANT: As the administrator of the cluster, it is your responsibility to
|
|
ensure the same users are defined on every node in the cluster.
|
|
{security} does not deliver any mechanism to guarantee this.
|
|
|
|
The `file` realm is primarily supported to serve as a fallback/recovery realm. It
|
|
is mostly useful in situations where all users locked themselves out of the system
|
|
(no one remembers their username/password). In this type of scenarios, the `file`
|
|
realm is your only way out - you can define a new `admin` user in the `file` realm
|
|
and use it to log in and reset the credentials of all other users.
|
|
|
|
IMPORTANT: When you configure realms in `elasticsearch.yml`, only the
|
|
realms you specify are used for authentication. To use the
|
|
`file` realm as a fallback, you must include it in the realm chain.
|
|
|
|
To define users, {security} provides the {ref}/users-command.html[users]
|
|
command-line tool. This tool enables you to add and remove users, assign user
|
|
roles, and manage user passwords.
|
|
|
|
For more information, see
|
|
{ref}/configuring-file-realm.html[Configuring a file realm].
|