About the new FLX location of krb5_filepath

faxmodem · February 16, 2023, 10:01am

The sgctl tool instructs us to move the acceptor_principal and acceptor_keytab from elasticsearch.yml to sgconfig’s sg_authc.yml. However, there is no mention of the krb5_filepath option.
Should that stay in elasticsearch.yml or move too ?

nils · February 16, 2023, 11:28am

You have two options:

Either add kerberos.krb5_config_file: /path/to/the/file to the type: kerberos section in sg_authc.yml. The default is /etc/krb5.conf so you do not specify it if your file is there.
Or, the kind of more standard Java way: Add kerberos.use_system_properties instead to sg_authc.yml and start each node with -Djava.security.krb5.conf=/path/to/the/file.

nils · February 16, 2023, 11:29am

See also Kerberos / SPNEGO | Security for Elasticsearch | Search Guard

system · March 9, 2023, 11:29am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Missing file keystore.jks Search Guard	2	416	April 21, 2016
enabling kerberos Search Guard	30	2614	January 31, 2017
Still unable to connect to ldap due to empty truststore filepath Search Guard	3	601	July 31, 2019
Search Guard Setup Search Guard	3	325	March 26, 2016
[search-guard group] sgadmin.sh related problem Search Guard	0	335	January 27, 2017

About the new FLX location of krb5_filepath

Related Topics