From 7023df03eeddc7fdbd83387028f4451f1207ead7 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Mon, 18 Nov 2019 15:19:13 -0800 Subject: [PATCH] [DOCS] Merges duplicate pages for Kerberos realms (#49207) --- docs/reference/redirects.asciidoc | 6 ++++++ .../configuring-kerberos-realm.asciidoc | 13 ++++--------- .../authentication/kerberos-realm.asciidoc | 15 +++++++++------ x-pack/docs/en/security/configuring-es.asciidoc | 3 +-- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/docs/reference/redirects.asciidoc b/docs/reference/redirects.asciidoc index bf528ba9d2cca..d37bae6e15d84 100644 --- a/docs/reference/redirects.asciidoc +++ b/docs/reference/redirects.asciidoc @@ -966,3 +966,9 @@ See <>. === Setting up SSL between Elasticsearch and LDAP See <>. + +[role="exclude",id="configuring-kerberos-realm"] +=== Configuring a Kerberos realm + +See <>. + diff --git a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc index 0d834664b5148..9f20596837a0e 100644 --- a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc @@ -1,7 +1,3 @@ -[role="xpack"] -[[configuring-kerberos-realm]] -=== Configuring a Kerberos realm - Kerberos is used to protect services and uses a ticket-based authentication protocol to authenticate users. You can configure {es} to use the Kerberos V5 authentication protocol, which is @@ -15,9 +11,8 @@ Refer to your Kerberos installation documentation for more information about obtaining TGT. {es} clients must first obtain a TGT then initiate the process of authenticating with {es}. -For a summary of Kerberos terminology, see <>. - -==== Before you begin +[[kerberos-realm-prereq]] +===== Before you begin . Deploy Kerberos. + @@ -51,7 +46,8 @@ For more information on Java GSS, see https://docs.oracle.com/javase/10/security/kerberos-requirements1.htm[Java GSS Kerberos requirements] -- -==== Create a Kerberos realm +[[kerberos-realm-create]] +===== Create a Kerberos realm To configure a Kerberos realm in {es}: @@ -176,4 +172,3 @@ NOTE: The Kerberos realm supports alternative to role mapping. -- - diff --git a/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc b/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc index 7d39947580456..7f363551b7d8d 100644 --- a/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc @@ -7,11 +7,9 @@ authentication, an industry standard protocol to authenticate users in {es}. NOTE: You cannot use the Kerberos realm to authenticate on the transport network layer. -To authenticate users with Kerberos, you need to -{ref}/configuring-kerberos-realm.html[configure a Kerberos realm] and -<>. -For more information on realm settings, see -{ref}/security-settings.html#ref-kerberos-settings[Kerberos realm settings]. +To authenticate users with Kerberos, you need to configure a Kerberos realm and +map users to roles. For more information on realm settings, see +<>. [[kerberos-terms]] ==== Key concepts @@ -59,4 +57,9 @@ realm session key encryption types. _ticket granting ticket (TGT)_:: A TGT is an authentication ticket generated by the Kerberos authentication -server. It contains an encrypted authenticator. \ No newline at end of file +server. It contains an encrypted authenticator. + +[[kerberos-realm-configuration]] +==== Configuring a Kerberos realm + +include::configuring-kerberos-realm.asciidoc[] \ No newline at end of file diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc index 11238ad864da0..0eb733a863fa6 100644 --- a/x-pack/docs/en/security/configuring-es.asciidoc +++ b/x-pack/docs/en/security/configuring-es.asciidoc @@ -74,7 +74,7 @@ your subscription. For more information, see https://www.elastic.co/subscription -- ** <> ** <> -** <> +** <> ** <> ** <> ** <> @@ -147,7 +147,6 @@ include::securing-communications/separating-node-client-traffic.asciidoc[] include::authentication/configuring-active-directory-realm.asciidoc[] include::authentication/configuring-pki-realm.asciidoc[] -include::authentication/configuring-kerberos-realm.asciidoc[] include::reference/files.asciidoc[] include::fips-140-compliance.asciidoc[]