Enabling fips - ES 6.8

The ES docs for FIPS 140.2 compliance refers to making changes to the hashing methods. Those docs state.

You must set the cache.hash_algo realm settings and the xpack.security.authc.password_hashing.algorithm setting to one of the PBKDF2 values.

I can see where to put the xpack.security.authc.password_hashing value - but I cannot locate any docs on the cache.hash_algo realm setting. Any idea?

I believe it should go in the block of data under your realm configuration. For example, if you are using LDAP:

xpack:
  security:
    authc:
      realms:
        ldap1:
          type: ldap
          [...]
          cache.hash_algo: "pbkdf2_50000"

It's described under LDAP settings on the security settings page. The other realm configurations also have it listed.

I haven't tried this configuration out, but I hope this points you in the right direction.

-William

1 Like

thank you, that seems to have done it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.