Searchguard kerberos Authentication , need help!

I recently tested about searchguard kerberos,But encountered some problems,So I need your help.

this is my elasticsearch.yml

searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false

searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: sg_admin

searchguard.authcz.admin_dn:

• CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
• CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE

searchguard.kerberos.krb5_filepath: krb5.conf
searchguard.kerberos.acceptor_keytab_filepath: s_elasticsearch.keytab
searchguard.kerberos.acceptor_principal: HTTP/HADOOP

sg_config.yml

kerberos_auth_domain:
enabled: true
order: 1
http_authenticator:
type: kerberos # NOT FREE FOR COMMERCIAL USE
challenge: true
config:
# If true a lot of kerberos/security related debugging output will be logged to standard out
krb_debug: true
# If true then the realm will be stripped from the user name
strip_realm_from_principal: true
authentication_backend:
type: noop

How have I used curl to visit ?

You will need to ask the developers of that product, it's unlikely anyone here will be able to help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.