Basic Authentication Issue

security

#1

Hi all,

I am trying to set up Shield on a server, and am following the tutorial on the Elasticsearch website. After installing Shield as instructed, I ran:

bin/shield/esusers useradd es_admin -r admin

and entered a password. Now, I try to use this username-password combination with:

curl -u es_admin -XGET 'http://localhost:9200/'

but am still rejected, the reason being "unable to authenticate user [es_admin] for REST request [/]", even though I know the password I enter is correct.

For reference, I have Elasticsearch 2.3.3 installed in my /opt/ folder. I have seen some threads where people's problems have been solved by moving ES_HOME/config/shield to /etc/elasticsearch/, but this has not helped me. My users and users_roles files in said shield folder seem to indicate that there is a user named es_admin with admin permissions, so I don't see what is going on here. Any help is appreciated.

Thanks!


(Jay Modi) #2

How did you install Elasticsearch? Did you use an rpm or deb install?


#3

I installed using RPM.


(Jay Modi) #4

Did you modify the configuration directory or anything like that? If you go to your configuration directory, does the shield folder exist?


#5

I did not modify it; the shield folder exists but whenever I add a user with the command described above, it does not update the users or users_roles file with any new information.


#6

Okay, this is kind of working now for some reason. Not exactly sure what happened or changed... I just recopied /etc/elasticsearch/shield into my config folder (/opt/elasticsearch-2.3.3/config/), and then got some error about not being able to access config files. Then in elasticsearch.yml, I explicitly set path.conf: /etc/elasticsearch/.

Now, the users defined in both /opt/elasticsearch-2.3.3/config/shield/users and /etc/elasticsearch/shield/users are able to be authenticated by shield. However, if I try to add a new user using the "useradd" command, only /etc/elasticsearch/shield/users updates, and this new user isn't recognized.


#7

Now I deleted the config folder entirely from /opt/elasticsearch-2.3.3/config/shield/users, and everything works fine! I am able to add new users and access the protected Elasticsearch URL. I guess changing the path.conf in elasticsearch.yml is what did the trick?


(Jay Modi) #8

What RPM did you install? The official one does not install in /opt. By default for an RPM install, Shield will expect the config directory to be /etc/elasticsearch.


#9

I believe I installed the default, but then moved it to /opt/ for some reason at some point. I see now that I shouldn't have done that.
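
Added example (not part of the thread and not Shield's own tooling): a shell check for the situation described in posts #6 to #8, where esusers useradd updated one config directory while the node read another. It assumes the users file holds one "username:hash" entry per line; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Report usernames that exist in only one of two Shield config directories.
# Assumption: <config_dir>/shield/users holds one "username:hash" per line.

# List usernames from a config directory, sorted, skipping blank/comment lines.
shield_users() {
    f="$1/shield/users"
    [ -f "$f" ] || return 0
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" | cut -d: -f1 | sort -u
}

# Print "only-in <dir>: <user>" for every user missing from the other directory.
# Returns 0 when both directories define the same users, 1 when they differ.
shield_user_drift() {
    a="$1"; b="$2"
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 2
    shield_users "$a" > "$tmp_a"
    shield_users "$b" > "$tmp_b"
    out=$( { comm -23 "$tmp_a" "$tmp_b" | awk -v p="only-in $a: " '{ print p $0 }'
             comm -13 "$tmp_a" "$tmp_b" | awk -v p="only-in $b: " '{ print p $0 }'; } )
    rm -f "$tmp_a" "$tmp_b"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample mirroring the thread: useradd wrote to the /etc tree,
# while the copy under /opt was left with the older user list.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/elasticsearch/shield" "$root/opt/config/shield"
    printf 'es_admin:HASH_PLACEHOLDER\nnew_user:HASH_PLACEHOLDER\n' \
        > "$root/etc/elasticsearch/shield/users"
    printf 'es_admin:HASH_PLACEHOLDER\n' > "$root/opt/config/shield/users"
    shield_user_drift "$root/etc/elasticsearch" "$root/opt/config"
    rc=$?
    rm -rf "$root"
    return $rc
}

demo || echo "config directories disagree: useradd and the node use different files"
```

On a real host, pass the two candidate config directories (for example the one under ES_HOME and /etc/elasticsearch) to shield_user_drift; any output means only one of them is being updated.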

