About the Kibana security


If your Elasticsearch is protected with basic authentication, these settings provide

the username and password that the Kibana server uses to perform maintenance on the Kibana

index at startup. Your Kibana users still need to authenticate with Elasticsearch, which

is proxied through the Kibana server.

elasticsearch.username: "kibana"
elasticsearch.password: "xxxxxx"

ES Version 7.3.1
Kibana Version 7.3.1
have two nodes in my cluster. Using "elasticsearch-setup-passwords auto" command to generate user and password, and then I modify the kibana.conf as above in the pic. In the follow step ,I restart kibana.
When I enter the user"elastic"and its password in the kibana UI, I succeed.
But when I enter user"kibana" and its password I found it cannot work error like "{
"statusCode": 403,
"error": "Forbidden",
"message": "Forbidden"

I cannot understand that is why. Since it is so, why I set kibana's username and password because I could not logon kibana UI with it.

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

As described also in the comments in the file you reference, the kibana built-in user is meant to be used by Kibana server so that it can communicate with Elasticsearch and this is why you configure its value in the kibana.yml file.
This is not meant to be used by end users to authenticate to Kibana and Elasticsearch.

In short, what you experience is the expected and correct behavior :slight_smile:

Hope this helps

thx for ur help.
u mean the conf of user and password config in kibana.conf is used to communicate between es and kibana not for end users.
For end user, we can using user"elastic"to logon kibana UI and add some new users at the panel. Is is right?


right :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.