Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[DOCS] Document authorization_realms for Kerberos realm (#35927)

This commit adds documentation for authorization_realms
setting for the Kerberos realm and also corrects a typo in
existing documentation.

Co-authored-by: @A-Hall
Yogesh Gaikwad 6 years ago
parent
df1e02d0d5
commit
31fdb76973
1 changed files with 9 additions and 3 deletions
Split View Show Diff Stats
  1. 9 3
      docs/reference/settings/security-settings.asciidoc

+ 9 - 3
docs/reference/settings/security-settings.asciidoc
View File 

@@ -285,7 +285,7 @@ this setting is not valid. For more information on
 
 the different modes, see {xpack-ref}/ldap-realm.html[LDAP realms].
 
 
 `authorization_realms`::
 
-The names of the realms that should be consulted for delegate authorization.
 
+The names of the realms that should be consulted for delegated authorization.
 
 If this setting is used, then the LDAP realm does not perform role mapping and
 
 instead loads the user from the listed realms. The referenced realms are
 
 consulted in the order that they are defined in this list.
 
@@ -794,7 +794,7 @@ Specifies the {xpack-ref}/security-files.html[location] of the
 
 Defaults to `ES_PATH_CONF/role_mapping.yml`.
 
 
 `authorization_realms`::
 
-The names of the realms that should be consulted for delegate authorization.
 
+The names of the realms that should be consulted for delegated authorization.
 
 If this setting is used, then the PKI realm does not perform role mapping and
 
 instead loads the user from the listed realms.
 
 See {stack-ov}/realm-chains.html#authorization_realms[Delegating authorization to another realm] 
@@ -923,7 +923,7 @@ Specifies whether to populate the {es} user's metadata with the values that are
 
 provided by the SAML attributes. Defaults to `true`.
 
 
 `authorization_realms`::
 
-The names of the realms that should be consulted for delegate authorization.
 
+The names of the realms that should be consulted for delegated authorization.
 
 If this setting is used, then the SAML realm does not perform role mapping and
 
 instead loads the user from the listed realms.
 
 See {stack-ov}/realm-chains.html#authorization_realms[Delegating authorization to another realm] 
@@ -1170,6 +1170,12 @@ this period of time. Specify the time period using the standard {es}
 
 `cache.max_users`:: The maximum number of user entries that can live in the
 
 cache at any given time. Defaults to 100,000.
 
 
+`authorization_realms`::
 
+The names of the realms that should be consulted for delegated authorization.
 
+If this setting is used, then the Kerberos realm does not perform role mapping and
 
+instead loads the user from the listed realms.
 
+See {stack-ov}/realm-chains.html#authorization_realms[Delegating authorization to another realm]
 
+
 
 [float]
 
 [[load-balancing]]
 
 ===== Load balancing and failover