How to disable X-Pack http basic auth keeping SSL?


(Gleb Mendrul) #1

Hi ,

I have the following use case:
I need to use https/ssl in elasticsearch but disable http basic auth.

My configuration is following:

cluster.name: "docker-cluster"
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
xpack.ssl.key: /usr/share/elasticsearch/config/x-pack//node1.key
xpack.ssl.certificate: /usr/share/elasticsearch/config/x-pack/node1.crt
xpack.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/x-pack/ca.crt" ]
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate

What are the means to do this ?

Thank you in advance !

Regards,
Gleb


Elastic shield for ssl
(Tim Vernum) #2

You need to implement this by enabling anonymous access.

SSL is tied into the same feature setting as authentication, so you cannot enable SSL without also enabling authentication.

First, a warning:
Are you really sure you want to do this?
It seems quite strange to want to use the confidentiality and integrity features that SSL provides, but then have absolutely no authentication or access controls on your data.
If you think you need https, then you should really consider enabling authentication as well.

Now, for enabling anonymous access, see here: Action [cluster:monitor/main] is unauthorized for user


(Gleb Mendrul) #3

@TimV, thank you for response , solution that you provided works !
Unfortunately, I need to disable basic authentication because of requirements.

Thanks !

Regards,
Gleb


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.