The ES docs for FIPS 140.2 compliance refers to making changes to the hashing methods. Those docs state.
You must set the cache.hash_algo realm settings and the xpack.security.authc.password_hashing.algorithm setting to one of the PBKDF2 values.
I can see where to put the xpack.security.authc.password_hashing value - but I cannot locate any docs on the cache.hash_algo realm setting. Any idea?
I believe it should go in the block of data under your realm configuration. For example, if you are using LDAP:
xpack:
security:
authc:
realms:
ldap1:
type: ldap
[...]
cache.hash_algo: "pbkdf2_50000"
It's described under LDAP settings on the security settings page. The other realm configurations also have it listed.
I haven't tried this configuration out, but I hope this points you in the right direction.
-William
thank you, that seems to have done it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
Ā© 2018. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or otherĀ countries.