The sgctl
tool instructs us to move the acceptor_principal
and acceptor_keytab
from elasticsearch.yml
to sgconfig’s sg_authc.yml
. However, there is no mention of the krb5_filepath
option.
Should that stay in elasticsearch.yml
or move too ?
You have two options:
- Either add
kerberos.krb5_config_file: /path/to/the/file
to thetype: kerberos
section insg_authc.yml
. The default is/etc/krb5.conf
so you do not specify it if your file is there. - Or, the kind of more standard Java way: Add
kerberos.use_system_properties
instead tosg_authc.yml
and start each node with-Djava.security.krb5.conf=/path/to/the/file
.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.