mirror of
https://github.com/iSharkFly-Docs/opensearch-docs-cn
synced 2025-02-15 00:44:43 +00:00
82d0482198
* readd auth token doc Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Fix vale Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Fix embedded command Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Blank lines after headings Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * change Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Style guidelines Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Clarify anonymous auth Signed-off-by: Stephen Crawford <steecraw@amazon.com> * remove auth token doc Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Doc review changes Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * fix links Signed-off-by: Stephen Crawford <steecraw@amazon.com> * missed one Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Fix links Signed-off-by: Stephen Crawford <steecraw@amazon.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> --------- Signed-off-by: Stephen Crawford <steecraw@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Co-authored-by: Fanit Kolchina <kolchfa@amazon.com> Co-authored-by: Nathan Bower <nbower@amazon.com>
3.6 KiB
3.6 KiB
| layout | title | parent | nav_order |
|---|---|---|---|
| default | Anonymous authentication | Access control | 145 |
Anonymous authentication
The Security plugin supports anonymous authentication, through which a user is able to access a cluster without providing credentials. This is useful in cases where you want lots of people to be able to access your cluster with a common set of privileges.
Configuration
To enable anonymous authentication, you need to modify the config.yml file inside the opensearch-security configuration subdirectory of your cluster.
In the config.yml file, there is an http section, which includes the anonymous_auth_enabled setting:
http:
anonymous_auth_enabled: <true|false>
...
The following table describes the anonymous_auth_enabled setting. For more information, see the configuration file overview.
| Setting | Description |
|---|---|
anonymous_auth_enabled |
Either enables or disables anonymous authentication. When you enable anonymous authentication, all defined HTTP authenticators are non-challenging. See The challenge setting. |
If you disable anonymous authentication, you must provide at least one authc in order for the Security plugin to initialize successfully.
{: .important }
Defining anonymous authentication privileges
When anonymous authentication is enabled, your defined HTTP authenticators still try to find user credentials inside your HTTP request. If credentials are found, the user is authenticated. If none are found, the user is authenticated as an anonymous user.
All anonymous users have the username anonymous and a single role named anonymous_backendrole.
You can configure the privileges associated with the opendistro_security_anonymous_backendrole in the roles.yml file.
We recommend that your defined role have very limited privileges. Generally, an anonymous user should never be able to write to your cluster. {: .important}
The following is an example role definition for an anonymous_users_role. You can use this example as a reference for defining your own role in the roles.yml file:
anonymous_users_role:
reserved: false
hidden: false
cluster_permissions:
- "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS"
index_permissions:
- index_patterns:
- "public_index_*"
allowed_actions:
- "read"
{% include copy.html %}
Then, in the roles_mapping.yml file, you can define the appropriate mapping for this new role:
anonymous_users_role:
reserved: false
hidden: false
backend_roles: ["opendistro_security_anonymous_backendrole"]
hosts: []
{% include copy.html %}
Notice that the role is mapped to opendistro_security_anonymous_backendrole, which means that all users with the anonymous user backend role will have these privileges.
Alternatively, you can complete these steps using the REST API or OpenSearch Dashboards.