Disabling shield user caching

security

(Kiran Reddy) #1

Hello everyone,

I am have installed ES, Kibana and Shield.

I have also configured shield to authenticate users when logging into ES, Kibana everything is working fine except that shield asks for the user credentials just once when logging into kibana. The next time i access it assumes i am using the same user and does not ask for the credential. I need the user to be authenticated when ever we submit a request.

When i did some research i found out that i needed to modify the elasticserarch.yml file to include the esuser realm and the property called cache.ttl which i have set to 2 ms meaning that every 2 millisecond the user cache expires but this is not working can someone tell me if this is the right way to do it? if not please tell me how.

Thank you in advance


(Jay Modi) #2

Hi Kiran,

Can you clarify the versions of Elasticsearch, Shield, and Kibana that you are using? Also, do you have the Shield plugin installed in Kibana?

-Jay


(Kiran Reddy) #3

Hi Jay,

I am using

ElasticSearch 2.3.3
Kibana 4.5.1
shield 2.3.3
Yes i have the plugin installed.

I just want to remove the feature of user caching and force the Shield to authenticate the user for all requests (not once every 20mins or 30mins). I did some research on the portal and added a few properties like cache.ttl for the esuser realm in the elasticsearch.yml file but to no avail.


(Jay Modi) #4

I think there is a misunderstanding about what Shield's user caching does. The user caching is on the elasticsearch side and allows for faster authentication but does not disable authentication completely. The user cache changes you are trying will not do anything for the Shield Kibana Session.

It actually sounds like you want to disable the Kibana sessions; I do not believe this method of operation is something we can currently support.


(Kiran Reddy) #5

got it jay thank you for your help :slight_smile:


(system) #6