cannot change password for role given by example.

Step1: use example given role named readall password: readall login to my cluster

Step2: change the password of readall to 123456 by using hash.sh and use sgadmin.sh update configuration. It seems every things update successfully.

sg_internal_users.yml

readall:

hash: $2a$12$Y7D1zuzJ/tEHT6ings7DFOjsHReA.7GPam6JKRmpaWbbvKTnRKGeK

command

bash plugins/search-guard-2/tools/sgadmin.sh \

-cn np_es \

-h app01.add.bjyt**.qihoo.net** \

-cd plugins/search-guard-2/sgconfig/ \

-ks plugins/search-guard-2/sgconfig/kirk-keystore.jks \

-ts plugins/search-guard-2/sgconfig/truststore.jks \

-nhnv

result of Terminal

Index does already exists

Populate config from /usr/local/elasticsearch-2.3.3/plugins/search-guard-2/sgconfig

Will update ‘config’ with plugins/search-guard-2/sgconfig/sg_config.yml

SUCC Configuration for ‘config’ created or updated

Will update ‘roles’ with plugins/search-guard-2/sgconfig/sg_roles.yml

SUCC Configuration for ‘roles’ created or updated

Will update ‘rolesmapping’ with plugins/search-guard-2/sgconfig/sg_roles_mapping.yml

SUCC Configuration for ‘rolesmapping’ created or updated

Will update ‘internalusers’ with plugins/search-guard-2/sgconfig/sg_internal_users.yml

SUCC Configuration for ‘internalusers’ created or updated

Will update ‘actiongroups’ with plugins/search-guard-2/sgconfig/sg_action_groups.yml

SUCC Configuration for ‘actiongroups’ created or updated

Wait a short time …

Done with success

Step3: use account: readall and password: 123456 login, failed, and try to use readall: readall success !!!

Step 4: Delete readall from sg_internal_users.yml and update using sgadmin.sh. I can still use readall:readall to login.

Should I restart my ES cluster ? OR Do anything else ?

Seems to be a bug, see https://github.com/floragunncom/search-guard/issues/144

Will be fixed in the next release

···

Am 07.07.2016 um 16:13 schrieb Jay Miao <jaymiao55@gmail.com>:

Step1: use example given role named readall password: readall login to my cluster
Step2: change the password of readall to 123456 by using hash.sh and use sgadmin.sh update configuration. It seems every things update successfully.

sg_internal_users.yml

readall:
  hash: $2a$12$Y7D1zuzJ/tEHT6ings7DFOjsHReA.7GPam6JKRmpaWbbvKTnRKGeK

command
     > bash plugins/search-guard-2/tools/sgadmin.sh \
        -cn np_es \
       -h app01.add.bjyt.qihoo.net \
       -cd plugins/search-guard-2/sgconfig/ \
       -ks plugins/search-guard-2/sgconfig/kirk-keystore.jks \
       -ts plugins/search-guard-2/sgconfig/truststore.jks \
       -nhnv

result of Terminal
Index does already exists
Populate config from /usr/local/elasticsearch-2.3.3/plugins/search-guard-2/sgconfig
Will update 'config' with plugins/search-guard-2/sgconfig/sg_config.yml
   SUCC Configuration for 'config' created or updated
Will update 'roles' with plugins/search-guard-2/sgconfig/sg_roles.yml
   SUCC Configuration for 'roles' created or updated
Will update 'rolesmapping' with plugins/search-guard-2/sgconfig/sg_roles_mapping.yml
   SUCC Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with plugins/search-guard-2/sgconfig/sg_internal_users.yml
   SUCC Configuration for 'internalusers' created or updated
Will update 'actiongroups' with plugins/search-guard-2/sgconfig/sg_action_groups.yml
   SUCC Configuration for 'actiongroups' created or updated
Wait a short time ...
Done with success

Step3: use account: readall and password: 123456 login, failed, and try to use readall: readall success !!!!

Step 4: Delete readall from sg_internal_users.yml and update using sgadmin.sh. I can still use readall:readall to login.

Should I restart my ES cluster ? OR Do anything else ?

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/71d4ad19-e88f-4a98-bc19-04df255133ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.