we have ELK stack (7.8.0) deployed on our on-premise server. We user docker-compose deployment and currently we are using Trial license. We would like to authenticate domain users when logging in Kibana.
Kerberos is fully deployed on the on-premise server, where docker-compose is running and I copied krb5.conf and krb5.keytab files to the Elasticsearch container, created a role binding and enabled debug (krb.debug: true). Trying to log with the same credentials as to on-premise server.
I can't see any logs in Elastic container and I can't figure it out what's happening and where is the problem.
also, how exactly are you trying to authenticate ? You wouldn't need to enter credentials in Kibana, you would have to kinit on the machine where you want to SSO with kerberos from and the authentication should happen automatically if your browser supports it/is configured
You need to check the docs here - bottom of the page on how to enable the troubleshooting. See here for how to set the necessary JVM options in docker so that you can see all debug logs in your docker logs
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.