Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 65d4f27873
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
authentication
/
configuring-native-realm.asciidoc

configuring-native-realm.asciidoc 2.0 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
  1. [role="xpack"]
    2. 

  2. [[configuring-native-realm]]
    3. 

  3. === Configuring a native realm
    4. 

  4. 

  5. The easiest way to manage and authenticate users is with the internal `native`
    6. 

  6. realm. 
    7. 

  7. 

  8. The native realm is available by default when no other realms are 
    9. 

  9. configured. If other realm settings have been configured in `elasticsearch.yml`, 
    10. 

  10. you must add the native realm to the realm chain.
    11. 

  11. 

  12. You can configure options for the `native` realm in the 
    13. 

  13. `xpack.security.authc.realms` namespace in `elasticsearch.yml`. Explicitly
    14. 

  14. configuring a native realm enables you to set the order in which it appears in
    15. 

  15. the realm chain, temporarily disable the realm, and control its cache options.
    16. 

  16. 

  17. . Add a realm configuration of type `native` to `elasticsearch.yml` under the
    18. 

  18. `xpack.security.authc.realms` namespace. At a minimum, you must set the realm
    19. 

  19. `type` to `native`. If you are configuring multiple realms, you should also
    20. 

  20. explicitly set the `order` attribute. 
    21. 

  21. +
    22. 

  22. --
    23. 

  23. See <<ref-native-settings>> for all of the options you can set for the `native` realm.
    24. 

  24. For example, the following snippet shows a `native` realm configuration that
    25. 

  25. sets the `order` to zero so the realm is checked first:
    26. 

  26. 

  27. [source, yaml]
    28. 

  28. ------------------------------------------------------------
    29. 

  29. xpack:
    30. 

  30.   security:
    31. 

  31.     authc:
    32. 

  32.       realms:
    33. 

  33.         native1:
    34. 

  34.           type: native
    35. 

  35.           order: 0
    36. 

  36. ------------------------------------------------------------
    37. 

  37. 

  38. NOTE: To limit exposure to credential theft and mitigate credential compromise,
    39. 

  39. the native realm stores passwords and caches user credentials according to
    40. 

  40. security best practices. By default, a hashed version of user credentials
    41. 

  41. is stored in memory, using a salted `sha-256` hash algorithm and a hashed
    42. 

  42. version of passwords is stored on disk salted and hashed with the `bcrypt`
    43. 

  43. hash algorithm. To use different hash algorithms, see <<hashing-settings>>.
    44. 

  44. --
    45. 

  45. 

  46. . Restart {es}.
    47. 

  47. 

  48. . Manage your users in {kib} on the *Management / Security / Users* page. 
    49. 

  49. Alternatively, use the <<security-api-users,User Management APIs>>.
    50. 

  50.