X-Pack Authentication Plugin

mathurin68 · November 3, 2017, 7:07pm

I installed x-pack -
followed everything here, changing passwords, etc -
https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html
Changed all the passwords to new elastic password.

Made sure correct user was owner in all folders i.e. kibana:kibana in /usr/share/kibana

And I can login with new elastic password -
curl -u elastic:newpassword http://localhost:9200
{
"name" : "qrSYXO4",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "IVS7Fb_fQ3mGxFbyqfM-NQ",
"version" : {
"number" : "5.6.3",
"build_hash" : "1a2f265",
"build_date" : "2017-10-06T20:33:39.012Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}

But I can't login to kibana with elastic and newpassword

I tried
curl -u kibana:newpassword http://localhost:5601

I've even added username password to kibana.yml

and when I checked the logs -
[2017-11-03T14:57:17,783][WARN ][o.e.x.s.a.AuthenticationService] [qrSYXO4] An error occurred while attempting to authenticate [logstash_system] against realm [reserved] - ElasticsearchSecurityException[failed to authenticate user [logstash_system]]
[2017-11-03T14:57:17,987][WARN ][o.e.x.s.a.AuthenticationService] [qrSYXO4] An error occurred while attempting to authenticate [logstash_system] against realm [reserved] - ElasticsearchSecurityException[failed to authenticate user [logstash_system]]

Anything else I can try? Thanks!

ikakavas · November 6, 2017, 3:58pm

Hi Matt,

The logs you have shared indicate that the login failure happens for the user logstash_system and not kibana which is the one you attempt to authenticate to kibana with.

For the logstash issue:

Have you changed the default password ?
Have you added this to the logstash.yml configuration file ?
Have you disabled default password support ?

as suggested here ?

For the Kibana issue, can you please retry to authenticate and share the relevant log entries?

TimV · November 6, 2017, 11:26pm

This is not intended to work.
The kibana user is the user that Kibana uses to access Elasticsearch, not a user that you should use to login to Kibana.
Our recommended approach is that you

Configure kibana (kibana.yml) to use the kibana user and password for accessing ES.
Login to Kibana (using a browser) using the elastic user (which is a superuser)
Using that superuser, create a new low-privilege user for accessing Kibana, and then use that new user for future Kibana access.

Details are here: Kibana and Security | X-Pack for the Elastic Stack [5.6] | Elastic

mathurin68 · November 7, 2017, 7:18pm

Alright got it but now getting totally new error -
[logstash.outputs.elasticsearch] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>"http://10.68.168.21:9200/_bulk"}

I'll start a new question.

Thanks!!

Topic		Replies	Views
Can't Authenticate Kibana to Elasticsearch Kibana	9	12437	January 4, 2018
Kibana log in is currently disabled. administrators should consult the kibana logs for more details Kibana	2	12069	January 2, 2018
X-Pack Kibana failed to authenticate user Kibana	5	24325	February 26, 2018
Elasticsearch: Couldn't login as the user Elastic Elasticsearch	6	18444	August 7, 2018
Authentication is not working after it got enabled Elasticsearch elastic-stack-security	8	2396	January 7, 2021

X-Pack Authentication Plugin

Related topics