My client is planning to run Elasticsearch on Windows servers which users will accessed from Windows machines (server and desktop), all part of an Active Directory domain.
I understand that XPack allows users to authenticate against Active Directory, but one thing I am not clear from the documentation is how users actually pass their credentials to Elasticserver.
Do they need to pass their Windows credentials in each request (e.g. from basic auth headers), or is there a way to use Integrated Windows Authentication (i.e. Kerberos) so that the users' existing logged in identity can be used, without passing credentials to Elasticserver?