Even if the kibana_server credentials are included in the kibana.yml, we will still need to use a reverse proxy to implement PKI user authentication, correct? This is what I'm seeing in my test.
There is a comment in the Kibana.yml file that says "Your Kibana users still need to authenticate with Elasticsearch, which is proxied through the Kibana server." I have elasticsearch setup to handle PKI auth, and it works well when connecting from a browser directly into elasticsearch's 9200 port. But when I try to authenticate through Kibana's 5601 port, it will not accept PKI auth, but insists on user/password.
Is there any way to require PKI user authentication for Kibana users without using a proxy?