I'm trying to set up tiered realms in my elasticsearch.yml. I'd think that the following realm config:
xpack.security.authc.realms: native1: type: native order: 1 pki1: type: pki order: 0
Would give me the ability to preferentially log in with PKI, with a fallback to native auth. As it is, I'm only getting PKI prompts, even when explicitly specifying the elastic user credentials.
Is there a way to tell Elasticsearch that I want to authenticate via PKI OR via native, whichever the client can supply?