Hello everybody,
I try to change the admin demo password with a custom password.
I removed the readonly flag of “admin” user :
{
“readonly”: “false”,
“roles”: [
“admin”
],
“attributes”: {
“attribute1”: “value1”,
“attribute3”: “value3”,
“attribute2”: “value2”
},
“password”: “”
}
``
I removed the readonly flag of “sg_all_access” :
{
“backendroles”: [
“admin”
],
“readonly”: “false”
}
``
and next execute the sgadmin_demo.sh script to apply configuration changes.
But on Kibana GUI SG management, when I connect with Admin, the user is “reserved” which prevents me to change his passwd.
Have you got a solution ?
I do not fully understand what you posted. So you say you removed the readonly flag from the admin user, but the posted configuration is in JSON format, not YAML. Where exactly did you change the readonly settings, and where are the JSON snippets from?
···
On Wednesday, July 11, 2018 at 2:28:26 PM UTC+2, Dylan Osef wrote:
Hello everybody,
I try to change the admin demo password with a custom password.
I removed the readonly flag of “admin” user :
{
“readonly”: “false”,
“roles”: [
“admin”
],
“attributes”: {
“attribute1”: “value1”,
“attribute3”: “value3”,
“attribute2”: “value2”
},
“password”: “”
}
``
I removed the readonly flag of “sg_all_access” :
{
“backendroles”: [
“admin”
],
“readonly”: “false”
}
``
and next execute the sgadmin_demo.sh script to apply configuration changes.
But on Kibana GUI SG management, when I connect with Admin, the user is “reserved” which prevents me to change his passwd.
Have you got a solution ?
Hello Jochen,
I changed the readonly flag directly in /sgpath/plugin/tools/sg_internal_users.yml, now it looks like :
[root@lpsrvelkifr1 sgconfig]# cat sg_internal_users.yml
This is the internal user database
The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
#password is: admin
admin:
readonly: false
hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv…TOG
roles:
- admin
attributes:
#no dots allowed in attribute names
attribute1: value1
attribute2: value2
attribute3: value3
#password is: logstash
logstash:
hash: $2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2
roles:
- logstash
#password is: kibanaserver
kibanaserver:
readonly: true
hash: $2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.
#password is: kibanaro
kibanaro:
hash: $2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC
roles:
- kibanauser
- readall
#password is: readall
readall:
hash: $2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2
#password is: readall
roles:
- readall
#password is: snapshotrestore
snapshotrestore:
hash: $2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W
roles:
- snapshotrestore
``
And the JSON code is a copy/paste from “</> Show JSON” on user admin in Kibana SG GUI plugin
Can I juste change the hash to change the pass ?
Thx you
Yes you can, but the removing the readonly flag here should make it possible to change the user in the configuration GUI.
Please use the hash.sh script in the tools directory to create the password hashes:
https://docs.search-guard.com/latest/internal-users-database#generating-hashed-passwords
···
On Wednesday, July 11, 2018 at 4:19:59 PM UTC+2, Dylan Osef wrote:
Hello Jochen,
I changed the readonly flag directly in /sgpath/plugin/tools/sg_internal_users.yml, now it looks like :
[root@lpsrvelkifr1 sgconfig]# cat sg_internal_users.yml
This is the internal user database
The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
#password is: admin
admin:
readonly: false
hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv…TOG
roles:
- admin
attributes:
#no dots allowed in attribute names
attribute1: value1
attribute2: value2
attribute3: value3
#password is: logstash
logstash:
hash: $2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2
roles:
- logstash
#password is: kibanaserver
kibanaserver:
readonly: true
hash: $2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.
#password is: kibanaro
kibanaro:
hash: $2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC
roles:
- kibanauser
- readall
#password is: readall
readall:
hash: $2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2
#password is: readall
roles:
- readall
#password is: snapshotrestore
snapshotrestore:
hash: $2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W
roles:
- snapshotrestore
``
And the JSON code is a copy/paste from “</> Show JSON” on user admin in Kibana SG GUI plugin
Can I juste change the hash to change the pass ?
Thx you
In the user GUI configuration my “admin” user is seen has “reserved” so i’m unable to change anything…
That’s why I would like to know if i replace the current hash in the sg_internal_users.yml it could work ?
Thank you.
I changed the admin hash into sg_internal_users.yml and it works 
Thx for help Jochen