Integrated Windows Authentication support?

My client is planning to run Elasticsearch on Windows servers which users will accessed from Windows machines (server and desktop), all part of an Active Directory domain.

I understand that XPack allows users to authenticate against Active Directory, but one thing I am not clear from the documentation is how users actually pass their credentials to Elasticserver.

Do they need to pass their Windows credentials in each request (e.g. from basic auth headers), or is there a way to use Integrated Windows Authentication (i.e. Kerberos) so that the users' existing logged in identity can be used, without passing credentials to Elasticserver?

We currently use a LDAP connection to active directory so user's need to pass their credentials with the requests to authenticate. Kerberos is a feature that we have on our roadmap; however it is possible to implement Kerberos support in a custom realm extension.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.