Hi,
I'm willing to set up an authentification system on my Kibana installation, in order to have one "admin" account which can manage everything he wants on the plateform, and one "viewer" account which can only create/see visualizations, dashboard, use the discovery tab, etc...
(In a nutshell, the admin can access the Dev Tools and Management tabs, and the viewer can't).
I have a ca, and a certificate for my node, and that's what my node configuration looks like :
xpack.security.enabled: true
cluster.name: cluster_de_test_NR
node.name: node-y
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
node.max_local_storage_nodes: 2
The problem is that when I start Elasticsearch and execute the command "bin/elasticsearch-setup-passwords interactive", I receive the following error message :
Unexpected response code [403] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is available on this Elasticsearch node.
Please check if you have installed a license that allows access to X-Pack Security feature.
ERROR: X-Pack Security is not available.
By asking to our common friend Google, I found this topic : Elasticsearch 6.3: X-Pack and remote connection doesn't work where dadoonet explains that the authentification isn't available for basic licenses.
However, when I took a look at elasticsearch subscriptions page, I saw this (I'm sorry the page didn't seems to want to switch in english) :
English equivalent for the 3 lines about Security :
- Crypted Communication
- Role-based access control
- Native and File-based authentification
So, if Native authentification and Role-based access control are available with a basic license, can't I do what I described earlier ?
And if I can, do you have any clue to resolve my problem ?
Thanks a lot for taking the time to read this, and I'm sorry if my english is a bit approximative