elasticsearch/docs/reference/security/authentication/configuring-native-realm.asciidoc

The native realm is available and enabled by default. You can disable it explicitly with the following snippet. 

[source,yaml]
----------------------------------------
xpack.security.authc.realms.native.native1:
  enabled: false
----------------------------------------

You can configure a `native` realm in the `xpack.security.authc.realms.native`
namespace in `elasticsearch.yml`.
Explicitly configuring a native realm enables you to set the order in which it
appears in the realm chain, temporarily disable the realm, and control its
cache options.

. Add a realm configuration to `elasticsearch.yml` under the
`xpack.security.authc.realms.native` namespace. It is recommended that you
explicitly set the `order` attribute for the realm. 
+
--
NOTE: You can configure only one native realm on {es} nodes.

See <<ref-native-settings>> for all of the options you can set for the `native` realm.
For example, the following snippet shows a `native` realm configuration that
sets the `order` to zero so the realm is checked first:

[source, yaml]
------------------------------------------------------------
xpack.security.authc.realms.native.native1:
  order: 0
------------------------------------------------------------

NOTE: To limit exposure to credential theft and mitigate credential compromise,
the native realm stores passwords and caches user credentials according to
security best practices. By default, a hashed version of user credentials
is stored in memory, using a salted `sha-256` hash algorithm and a hashed
version of passwords is stored on disk salted and hashed with the `bcrypt`
hash algorithm. To use different hash algorithms, see <<hashing-settings>>.
--

. Restart {es}.