41 lines
1.6 KiB
Plaintext
41 lines
1.6 KiB
Plaintext
The native realm is available by default when no other realms are
|
|
configured. If other realm settings have been configured in `elasticsearch.yml`,
|
|
you must add the native realm to the realm chain.
|
|
|
|
You can configure a `native` realm in the `xpack.security.authc.realms.native`
|
|
namespace in `elasticsearch.yml`.
|
|
Explicitly configuring a native realm enables you to set the order in which it
|
|
appears in the realm chain, temporarily disable the realm, and control its
|
|
cache options.
|
|
|
|
. Add a realm configuration to `elasticsearch.yml` under the
|
|
`xpack.security.authc.realms.native` namespace. It is recommended that you
|
|
explicitly set the `order` attribute for the realm.
|
|
+
|
|
--
|
|
See <<ref-native-settings>> for all of the options you can set for the `native` realm.
|
|
For example, the following snippet shows a `native` realm configuration that
|
|
sets the `order` to zero so the realm is checked first:
|
|
|
|
[source, yaml]
|
|
------------------------------------------------------------
|
|
xpack:
|
|
security:
|
|
authc:
|
|
realms:
|
|
native:
|
|
native1:
|
|
order: 0
|
|
------------------------------------------------------------
|
|
|
|
NOTE: To limit exposure to credential theft and mitigate credential compromise,
|
|
the native realm stores passwords and caches user credentials according to
|
|
security best practices. By default, a hashed version of user credentials
|
|
is stored in memory, using a salted `sha-256` hash algorithm and a hashed
|
|
version of passwords is stored on disk salted and hashed with the `bcrypt`
|
|
hash algorithm. To use different hash algorithms, see <<hashing-settings>>.
|
|
--
|
|
|
|
. Restart {es}.
|
|
|