How can I disable or change the password for built-in accounts?

I’m getting Search Guard all set up and everything is working so far.

But I need to either disable or change the password to the built-in accounts, since leaving them unchanged does represent a security risk.

I’ve tried manually changing the hash, or even commenting out the entry for the user in sg_internal_users.yml, but that doesn’t seem to work.

What am I missing?

I’ve got additional questions.

I’ve added a user through the GUI, but that user does not show up in sg_internal_users.yml

It seems as though that file is just a template.

Given that, how can new users/roles be provisioned or changed without using the GUI? (We will need to use the Community version of Search Guard at this time).

On Wednesday, January 24, 2018 at 9:58:13 AM UTC-6, John Barnard wrote:

I’m getting Search Guard all set up and everything is working so far.

But I need to either disable or change the password to the built-in accounts, since leaving them unchanged does represent a security risk.

I’ve tried manually changing the hash, or even commenting out the entry for the user in sg_internal_users.yml, but that doesn’t seem to work.

What am I missing?

See section “The Search Guard index” in the docs:

The Search Guard configuration is stored in an Elasticsearch index. This allows for hot-reloading the config without the need to restart any Elasticsearch node. Changes to the Search Guard configuration index need to be made via:

Changes are stored in the SG configuration index in Elasticsearch directly. In this sense you are right, the demo configuration we ship is a template that you can use as a blueprint to set up your own users, roles and permissions.

On Wednesday, January 24, 2018 at 9:52:37 PM UTC+1, John Barnard wrote:

I’ve got additional questions.

I’ve added a user through the GUI, but that user does not show up in sg_internal_users.yml

It seems as though that file is just a template.

Given that, how can new users/roles be provisioned or changed without using the GUI? (We will need to use the Community version of Search Guard at this time).

On Wednesday, January 24, 2018 at 9:58:13 AM UTC-6, John Barnard wrote:

I’m getting Search Guard all set up and everything is working so far.

But I need to either disable or change the password to the built-in accounts, since leaving them unchanged does represent a security risk.

I’ve tried manually changing the hash, or even commenting out the entry for the user in sg_internal_users.yml, but that doesn’t seem to work.

What am I missing?