I recently tested about searchguard kerberos,But encountered some problems,So I need your help.
this is my elasticsearch.yml
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: sg_admin
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: sg_admin
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.http.enabled: false
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: sg_admin
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: sg_admin
searchguard.authcz.admin_dn:
- CN=sg_user_admin, OU=client, O=client, L=Test, C=DE
- CN=s_elasticsearch, OU=client, O=client, L=Test, C=DE
searchguard.kerberos.krb5_filepath: krb5.conf
searchguard.kerberos.acceptor_keytab_filepath: s_elasticsearch.keytab
searchguard.kerberos.acceptor_principal: HTTP/HADOOP
sg_config.yml
kerberos_auth_domain:
enabled: true
order: 1
http_authenticator:
type: kerberos # NOT FREE FOR COMMERCIAL USE
challenge: true
config:
# If true a lot of kerberos/security related debugging output will be logged to standard out
krb_debug: true
# If true then the realm will be stripped from the user name
strip_realm_from_principal: true
authentication_backend:
type: noop
How have I used curl to visit ?