S_Chase
(S Chase)
October 23, 2019, 3:54pm
1
The ES docs for FIPS 140.2 compliance refers to making changes to the hashing methods. Those docs state.
You must set the cache.hash_algo realm settings and the xpack.security.authc.password_hashing.algorithm setting to one of the PBKDF2 values.
I can see where to put the xpack.security.authc.password_hashing value - but I cannot locate any docs on the cache.hash_algo realm setting. Any idea?
I believe it should go in the block of data under your realm configuration. For example, if you are using LDAP:
xpack:
security:
authc:
realms:
ldap1:
type: ldap
[...]
cache.hash_algo: "pbkdf2_50000"
It's described under LDAP settings on the security settings page . The other realm configurations also have it listed.
I haven't tried this configuration out, but I hope this points you in the right direction.
-William
1 Like
S_Chase
(S Chase)
October 24, 2019, 3:10pm
3
thank you, that seems to have done it.
system
(system)
Closed
November 21, 2019, 3:10pm
4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.