X-Pack Authentication Plugin

mathurin68 · November 3, 2017, 7:07pm

I installed x-pack -
followed everything here, changing passwords, etc -
https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html
Changed all the passwords to new elastic password.

Made sure correct user was owner in all folders i.e. kibana:kibana in /usr/share/kibana

And I can login with new elastic password -
curl -u elastic:newpassword http://localhost:9200
{
"name" : "qrSYXO4",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "IVS7Fb_fQ3mGxFbyqfM-NQ",
"version" : {
"number" : "5.6.3",
"build_hash" : "1a2f265",
"build_date" : "2017-10-06T20:33:39.012Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}

But I can't login to kibana with elastic and newpassword

I tried
curl -u kibana:newpassword http://localhost:5601

I've even added username password to kibana.yml

and when I checked the logs -
[2017-11-03T14:57:17,783][WARN ][o.e.x.s.a.AuthenticationService] [qrSYXO4] An error occurred while attempting to authenticate [logstash_system] against realm [reserved] - ElasticsearchSecurityException[failed to authenticate user [logstash_system]]
[2017-11-03T14:57:17,987][WARN ][o.e.x.s.a.AuthenticationService] [qrSYXO4] An error occurred while attempting to authenticate [logstash_system] against realm [reserved] - ElasticsearchSecurityException[failed to authenticate user [logstash_system]]

Anything else I can try? Thanks!

ikakavas · November 6, 2017, 3:58pm

Hi Matt,

The logs you have shared indicate that the login failure happens for the user logstash_system and not kibana which is the one you attempt to authenticate to kibana with.

For the logstash issue:

Have you changed the default password ?
Have you added this to the logstash.yml configuration file ?
Have you disabled default password support ?

as suggested here ?

For the Kibana issue, can you please retry to authenticate and share the relevant log entries?

TimV · November 6, 2017, 11:26pm

This is not intended to work.
The kibana user is the user that Kibana uses to access Elasticsearch, not a user that you should use to login to Kibana.
Our recommended approach is that you

Configure kibana (kibana.yml) to use the kibana user and password for accessing ES.
Login to Kibana (using a browser) using the elastic user (which is a superuser)
Using that superuser, create a new low-privilege user for accessing Kibana, and then use that new user for future Kibana access.

Details are here: Kibana and Security | X-Pack for the Elastic Stack [5.6] | Elastic

mathurin68 · November 7, 2017, 7:18pm

Alright got it but now getting totally new error -
[logstash.outputs.elasticsearch] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>"http://10.68.168.21:9200/_bulk"}

I'll start a new question.

Thanks!!

system · December 5, 2017, 7:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.