How the sg_internal_users.yml file is being generate?

The sg_internal_users.yml have different user passwords from the password I generated using the certification script.

Here are the steps I followed:

  1. Generating certificates ‘./gen_client_node_cert.sh kirk change capass’

  2. Generating sgadmin ‘./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv’

  3. Accessing localhost:9200, entering username and password of ‘kirk’ and ‘changeit’ and it doesn’t work. I tried again with ‘kirk’ as the password, and it worked. I look to see where ‘kirk’ password is set and I found the following search-guard-2/sgconfig/sg_internal_users.yml

kirk:

hash: $2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO

#password is: kirk

‘kirk’ is not the password I created for kirk, so I assume the ‘sg_internal_users.yml’ is part of the plugin, the question is how can I regenerate with the users and passwords I am creating.

did you read the docs? https://github.com/floragunncom/search-guard-docs/blob/master/internalusers.md

···

Am 24.02.2017 um 14:09 schrieb Eliran Boraks <eboraks@gmail.com>:

The sg_internal_users.yml have different user passwords from the password I generated using the certification script.

Here are the steps I followed:

1. Generating certificates './gen_client_node_cert.sh kirk change capass'

2. Generating sgadmin './sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd ../sgconfig -icl -nhnv'

3. Accessing localhost:9200, entering username and password of ‘kirk' and ‘changeit’ and it doesn’t work. I tried again with ‘kirk’ as the password, and it worked. I look to see where ‘kirk’ password is set and I found the following search-guard-2/sgconfig/sg_internal_users.yml

kirk:
  hash: $2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO
  #password is: kirk

‘kirk’ is not the password I created for kirk, so I assume the ‘sg_internal_users.yml’ is part of the plugin, the question is how can I regenerate with the users and passwords I am creating.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/90994df1-94b2-4c58-b057-88c0eff5a951%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thank you for directing me to the docs. I will take a look.

···

On Friday, February 24, 2017 at 8:15:55 AM UTC-5, Search Guard wrote:

did you read the docs? https://github.com/floragunncom/search-guard-docs/blob/master/internalusers.md

Am 24.02.2017 um 14:09 schrieb Eliran Boraks ebo...@gmail.com:

The sg_internal_users.yml have different user passwords from the password I generated using the certification script.

Here are the steps I followed:

  1. Generating certificates ‘./gen_client_node_cert.sh kirk change capass’
  1. Generating sgadmin ‘./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv’
  1. Accessing localhost:9200, entering username and password of ‘kirk’ and ‘changeit’ and it doesn’t work. I tried again with ‘kirk’ as the password, and it worked. I look to see where ‘kirk’ password is set and I found the following search-guard-2/sgconfig/sg_internal_users.yml

kirk:

hash: $2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO

#password is: kirk

‘kirk’ is not the password I created for kirk, so I assume the ‘sg_internal_users.yml’ is part of the plugin, the question is how can I regenerate with the users and passwords I am creating.


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/90994df1-94b2-4c58-b057-88c0eff5a951%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

I have a followup question. How is the internal user list being indexed by the sgadmin? Is it happen everytime I run sgadmin, or I need to do something different?

···

On Friday, February 24, 2017 at 9:59:21 AM UTC-5, Eliran Boraks wrote:

Thank you for directing me to the docs. I will take a look.

On Friday, February 24, 2017 at 8:15:55 AM UTC-5, Search Guard wrote:

did you read the docs? https://github.com/floragunncom/search-guard-docs/blob/master/internalusers.md

Am 24.02.2017 um 14:09 schrieb Eliran Boraks ebo...@gmail.com:

The sg_internal_users.yml have different user passwords from the password I generated using the certification script.

Here are the steps I followed:

  1. Generating certificates ‘./gen_client_node_cert.sh kirk change capass’
  1. Generating sgadmin ‘./sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd …/sgconfig -icl -nhnv’
  1. Accessing localhost:9200, entering username and password of ‘kirk’ and ‘changeit’ and it doesn’t work. I tried again with ‘kirk’ as the password, and it worked. I look to see where ‘kirk’ password is set and I found the following search-guard-2/sgconfig/sg_internal_users.yml

kirk:

hash: $2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO

#password is: kirk

‘kirk’ is not the password I created for kirk, so I assume the ‘sg_internal_users.yml’ is part of the plugin, the question is how can I regenerate with the users and passwords I am creating.


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/90994df1-94b2-4c58-b057-88c0eff5a951%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.