Hello !
I have some troubles with setup Elastic Search + Kibana + Search Guard + Kerberos
After setup:
I see kerberos work fine.
Access to https://servername:9200/ via kerberos,
But Kibana http://servername:5601 - show me 1 error on page - “Authentication Exception”
sg_config.yml:
authc:
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
kerberos_auth_domain:
enabled: true
order: 1
http_authenticator:
type: kerberos
challenge: true
config:
krb_debug: true
strip_realm_from_principal: true
authentication_backend:
type: noop
authz:
roles_from_myldap:
enabled: true
authorization_backend:
type: ldap
config:
enable_ssl: false
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: true
hosts:
-
‘DC_name:389’
-
‘DC_name:389’
bind_dn: ‘… …’
password: ‘password’
rolebase: ‘…’
rolesearch: ‘(member={0})’
userroleattribute: null
userrolename: disabled
rolename: cn
kibana.yml
server.port: 5601
server.host: “0.0.0.0”
elasticsearch.url: “https://servername:9200”
searchguard.basicauth.enabled: false
elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”
elasticsearch.yml
searchguard.ssl.transport.keystore_filepath: keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.kerberos.krb5_filepath: ‘/etc/krb5.conf’
searchguard.kerberos.acceptor_keytab_filepath: userH.keytab
searchguard.ssl.http.keystore_filepath: keystore.jks
searchguard.kerberos.acceptor_principal: ‘HTTP/servername’
searchguard.ssl.http.truststore_filepath: truststore.jks