From b8bf7a2f1d5bee3c5d6550589119c5d8aa996de4 Mon Sep 17 00:00:00 2001 From: aetter Date: Sun, 11 Jul 2021 18:10:36 -0700 Subject: [PATCH] Add link recommending password policy --- _security-plugin/configuration/index.md | 1 + _security-plugin/configuration/yaml.md | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/_security-plugin/configuration/index.md b/_security-plugin/configuration/index.md index 6ce2565f..90d53e62 100644 --- a/_security-plugin/configuration/index.md +++ b/_security-plugin/configuration/index.md @@ -17,6 +17,7 @@ The plugin includes demo certificates so that you can get up and running quickly 1. [Reconfigure opensearch.yml to use your certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/tls). 1. [Reconfigure config.yml to use your authentication backend]({{site.url}}{{site.baseurl}}/security-plugin/configuration/configuration/) (if you don't plan to use the internal user database). 1. [Modify the configuration YAML files]({{site.url}}{{site.baseurl}}/security-plugin/configuration/yaml). +1. If you plan to use the internal user database, [set a password policy in opensearch.yml]({{site.url}}{{site.baseurl}}/security-plugin/configuration/yaml/#opensearchyml). 1. [Apply changes using securityadmin.sh]({{site.url}}{{site.baseurl}}/security-plugin/configuration/security-admin). 1. Start OpenSearch. 1. [Add users, roles, role mappings, and tenants]({{site.url}}{{site.baseurl}}/security-plugin/access-control/index/). diff --git a/_security-plugin/configuration/yaml.md b/_security-plugin/configuration/yaml.md index 302d853f..066a7d76 100644 --- a/_security-plugin/configuration/yaml.md +++ b/_security-plugin/configuration/yaml.md @@ -91,7 +91,7 @@ snapshotrestore: ## opensearch.yml -This file contains relative file paths to TLS certificates and their attributes, such as distinguished names and trusted certificate authorities. +In addition to many OpenSearch settings, this file contains paths to TLS certificates and their attributes, such as distinguished names and trusted certificate authorities. ```yml plugins.security.ssl.transport.pemcert_filepath: esnode.pem @@ -116,7 +116,7 @@ plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opend node.max_local_storage_nodes: 3 ``` -If you want to run your users' passwords against some validation, you can specify the necessary regex in this file. You can also include an error message that loads if any passwords don't pass validation. The following example demonstrates how to include a regex so OpenSearch requires new passwords to be a minimum of eight characters with at least one uppercase, one lowercase, one digit, and one special character. +If you want to run your users' passwords against some validation, specify a regular expression (regex) in this file. You can also include an error message that loads when passwords don't pass validation. The following example demonstrates how to include a regex so OpenSearch requires new passwords to be a minimum of eight characters with at least one uppercase, one lowercase, one digit, and one special character. Note that OpenSearch validates only users and passwords created through OpenSearch Dashboards or the REST API. @@ -125,6 +125,7 @@ plugins.restapi.password_validation_regex: '(?=.*[A-Z])(?=.*[^a-zA-Z\d])(?=.*[0- plugins.restapi.password_validation_error_message: "Password must be minimum 8 characters long and must contain at least one uppercase letter, one lowercase letter, one digit, and one special character." ``` + ## roles.yml This file contains any initial roles that you want to add to the security plugin. Aside from some metadata, the default file is empty, because the security plugin has a number of static roles that it adds automatically.