First time poster here.
I've discovered something rather interesting that I'd like someone who understands the underlying authentication a bit better than myself to take a look at. When using ECE We all know there is the built-in user "elastic" which is the default super user which from my understanding is permanent and cannot be modified, or deleted.
However upon looking at the user list in Kibana the elastic user is hidden, so I thought to myself I'd try creating an elastic user and see if it works - Alas it did. So I set a different password as well as different permissions and it took those as well.
Then I tried to login as both the built-in super user which worked, as well as my newly created elastic user which also worked and was assigned appropriate permissions.
This seems like a very weird way to handle password management, how could this be? How is the user database assigning the appropriate profile dependent on what password I give and not on the username itself since there's technically two elastic usernames? Is it taking the password, salt/hashing whatever then comparing it to the hash of the user profiles and authenticating to the appropriate one that matches? This just seems weird and makes me question on how the entire authentication process works.