Searchguard kerberos Authentication , need help!


(Hexiang55) #1

I recently tested about searchguard kerberos,But encountered some problems,So I need your help.

this is my elasticsearch.yml

searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: sg_admin

searchguard.authcz.admin_dn:

  • CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
  • CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE

searchguard.kerberos.krb5_filepath: krb5.conf
searchguard.kerberos.acceptor_keytab_filepath: s_elasticsearch.keytab
searchguard.kerberos.acceptor_principal: HTTP/HADOOP

sg_config.yml

kerberos_auth_domain:
enabled: true
order: 1
http_authenticator:
type: kerberos # NOT FREE FOR COMMERCIAL USE
challenge: true
config:
# If true a lot of kerberos/security related debugging output will be logged to standard out
krb_debug: true
# If true then the realm will be stripped from the user name
strip_realm_from_principal: true
authentication_backend:
type: noop

How have I used curl to visit ?


(Mark Walkom) #2

You will need to ask the developers of that product, it's unlikely anyone here will be able to help.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.