About the new FLX location of krb5_filepath

The sgctl tool instructs us to move the acceptor_principal and acceptor_keytab from elasticsearch.yml to sgconfig’s sg_authc.yml. However, there is no mention of the krb5_filepath option.
Should that stay in elasticsearch.yml or move too ?

You have two options:

  • Either add kerberos.krb5_config_file: /path/to/the/file to the type: kerberos section in sg_authc.yml. The default is /etc/krb5.conf so you do not specify it if your file is there.
  • Or, the kind of more standard Java way: Add kerberos.use_system_properties instead to sg_authc.yml and start each node with -Djava.security.krb5.conf=/path/to/the/file.

See also Kerberos / SPNEGO | Security for Elasticsearch | Search Guard

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.