Connect Elasticsearch Kerberos realm using java Rest Client

Can you give code sample/snippets of how java Rest Client can connect to an Elasticsearch cluster having configured Kerberos Realm authentication.

Hi @dhrchatt,

If you follow the java rest client guide you can see the way to use HttpClientConfigCallback for customisation:
https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/_basic_authentication.html

An example implementation which might help you:

Hope this helps.

Thanks and Regards,
Yogesh Gaikwad

1 Like

Hi @dhrchatt,

The value for the config name CRED_CONF_NAME = "ESClientLoginConf" can be anything.
Instead of jaas conf we are using in memory configuration.
Hope this helps.

Regards,
Yogesh Gaikwad

1 Like

Hi Yogesh,
In my case, the KDC and target server are in different machines (different IP/HOST and port). Where are we specifying KDC server details ? Also, the krb5.conf file used in testing, should it refer to the path of the file in machine where KDC is configured ?

Thanks.

Hi @dhrchatt,

I am assuming you are asking this on the client side.
The machine you are running the java rest client, you will also have a krb5.conf which has the Kerberos configuration information. If you do not have one on the client machine then you will need to get one. This file has the KDC locations and admin server locations and used by the client to get the Kerberos tickets. kdc is the tag underwhich you will have kdc locations. Refer: https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html

This sections from Java docs should help you how Java determines the location of krb5.conf and if it finds one then uses it by default
https://docs.oracle.com/en/java/javase/12/security/kerberos-requirements.html#GUID-0C6413BA-417B-493D-BC89-F9FB90D5E641

Hope this helps.

Thanks and Regards,
Yogesh Gaikwad

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.