A while back I asked about Limiting who can log in to Kibana to defined list of users
In the release notes for the current version of the Kibana plugin https://docs.search-guard.com/6.x-25/changelog-kibana-6.x-19 it says:
Add option for allowed_usernames - whitelist users #PR 362
Which is great. Thank you for implementing it! I’ve tried using it and it worked as expected. However, it is not mentioned in the documentation at https://docs.search-guard.com/6.x-25/kibana-authentication-http-basic and that discourages me from actually using it. Maybe there’s some gotcha in using it that I’m not aware of. How does it work in combination with
searchguard.basicauth.forbidden_usernames
? The obvious thing would seem to be that using one of those settings makes using the other one redundant. But what if both were used by accident and a user was in both lists?