Connecting to Elasticsearch (with Kerberos enabled) fails authentication. When Elasticsearch responds with 401 (Negotiate), nothing happens. Normal logic should go to the KDC to request processing.
Why doesn't Filebeat request the Kerberos KDC in response to the 401?
Accessing Elasticsearch and Kibana (with Kerberos enabled) from the browser is successful.
Access to Elasticsearch with curl is also successful.
Version: filebeat 7.10.1, elasticsearch 7.10.1, kibana 7.10.1
Operating System: CentOS 7
Discuss Forum URL:
Steps to Reproduce:
debug log
2021-01-08T15:29:45.251+0800 INFO eslegclient/connection.go:99 elasticsearch url: https://192.168.174.1:9200
2021-01-08T15:29:45.253+0800 INFO eslegclient/connection.go:159 kerberos client created
2021-01-08T15:29:55.436+0800 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://192.168.174.1:9200)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Negotiate","Bearer realm="security"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","Negotiate","Bearer realm="security"","ApiKey"]}},"status":401}
filebeat.yml
output.elasticsearch:
  hosts: ["192.168.174.133:9200"]
  protocol: "https"
  kerberos.enabled: true
  kerberos.auth_type: keytab
  kerberos.keytab: /etc/elastic.keytab
  kerberos.config_path: /etc/krb5.conf
  kerberos.username: elastic
  kerberos.realm: EXAMPLE.COM
  ssl.certificate_authorities: ["/etc/filebeat/elasticsearch-ca.pem"]
elasticsearch config
xpack.security.enabled: true
xpack.security.audit.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "http.p12"
xpack.security.authc.token.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.authc.realms.kerberos.kerb1:
  order: 1
  keytab.path: es24.keytab
  remove_realm_name: false
  krb.debug: true
krb5.conf
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
EXAMPLE.COM = {
  kdc = 192.168.174.132
  admin_server = 192.168.174.132
  default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
EXAMPLE.COM = {
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
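
The challenge-and-retry exchange this report expects after a 401 that offers Negotiate, as an added example that is not part of the original report and is not Filebeat's own code. `doNegotiate`, `fakeES`, the `getToken` hook and the host `es.example.com` are hypothetical or constructed; the token is a placeholder rather than a real GSS-API blob, and the challenge list is the one shown in the debug log above.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// offersNegotiate reports whether a 401 response lists the Negotiate (SPNEGO) scheme.
func offersNegotiate(h http.Header) bool {
	for _, v := range h.Values("WWW-Authenticate") {
		if f := strings.Fields(v); len(f) > 0 && strings.EqualFold(f[0], "Negotiate") {
			return true
		}
	}
	return false
}

// doNegotiate retries once after a 401 Negotiate; getToken is a hypothetical stand-in for the KDC ticket request.
func doNegotiate(send func(*http.Request) (*http.Response, error), getToken func(spn string) ([]byte, error), req *http.Request) (*http.Response, error) {
	resp, err := send(req)
	if err != nil || resp.StatusCode != http.StatusUnauthorized || !offersNegotiate(resp.Header) {
		return resp, err
	}
	resp.Body.Close()
	tok, err := getToken("HTTP/" + req.URL.Hostname()) // service principal derived from the URL host
	if err != nil {
		return nil, err
	}
	retry := req.Clone(req.Context()) // fine for body-less requests; a body would need rewinding
	retry.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(tok))
	return send(retry)
}

func fakeES(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder() // constructed stand-in for the cluster's REST endpoint
	if !strings.HasPrefix(r.Header.Get("Authorization"), "Negotiate ") {
		rec.Header()["Www-Authenticate"] = []string{`Basic realm="security" charset="UTF-8"`, "Negotiate", `Bearer realm="security"`, "ApiKey"}
		rec.WriteHeader(http.StatusUnauthorized)
	}
	return rec.Result(), nil
}

func main() {
	req, _ := http.NewRequest("GET", "https://es.example.com:9200/", nil) // constructed host
	resp, err := doNegotiate(fakeES, func(spn string) ([]byte, error) { return []byte("constructed token for " + spn), nil }, req)
	fmt.Println(resp.StatusCode, err)
}
```

A client that never sends the second request ends at the first 401, which is the state the `missing authentication credentials` error in the debug log records.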