Skip to content

Commit

Permalink
[DOCS] Merges duplicate pages for Kerberos realms (#49207)
Browse files Browse the repository at this point in the history
  • Loading branch information
lcawl committed Nov 18, 2019
1 parent 6877c87 commit b8cbdf2
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 17 deletions.
6 changes: 6 additions & 0 deletions docs/reference/redirects.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -969,3 +969,9 @@ See <<ref-ldap-settings>>.
=== Setting up SSL between Elasticsearch and LDAP

See <<tls-ldap>>.

[role="exclude",id="configuring-kerberos-realm"]
=== Configuring a Kerberos realm

See <<kerberos-realm-configuration>>.

Original file line number Diff line number Diff line change
@@ -1,7 +1,3 @@
[role="xpack"]
[[configuring-kerberos-realm]]
=== Configuring a Kerberos realm

Kerberos is used to protect services and uses a ticket-based authentication
protocol to authenticate users.
You can configure {es} to use the Kerberos V5 authentication protocol, which is
Expand All @@ -15,9 +11,8 @@ Refer to your Kerberos installation documentation for more information about
obtaining TGT. {es} clients must first obtain a TGT then initiate the process of
authenticating with {es}.

For a summary of Kerberos terminology, see <<kerberos-realm>>.

==== Before you begin
[[kerberos-realm-prereq]]
===== Before you begin

. Deploy Kerberos.
+
Expand Down Expand Up @@ -51,7 +46,8 @@ For more information on Java GSS, see
https://docs.oracle.com/javase/10/security/kerberos-requirements1.htm[Java GSS Kerberos requirements]
--

==== Create a Kerberos realm
[[kerberos-realm-create]]
===== Create a Kerberos realm

To configure a Kerberos realm in {es}:

Expand Down Expand Up @@ -176,4 +172,3 @@ NOTE: The Kerberos realm supports
alternative to role mapping.

--

15 changes: 9 additions & 6 deletions x-pack/docs/en/security/authentication/kerberos-realm.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,9 @@ authentication, an industry standard protocol to authenticate users in {es}.

NOTE: You cannot use the Kerberos realm to authenticate on the transport network layer.

To authenticate users with Kerberos, you need to
{ref}/configuring-kerberos-realm.html[configure a Kerberos realm] and
<<mapping-roles, map users to roles>>.
For more information on realm settings, see
{ref}/security-settings.html#ref-kerberos-settings[Kerberos realm settings].
To authenticate users with Kerberos, you need to configure a Kerberos realm and
map users to roles. For more information on realm settings, see
<<ref-kerberos-settings>>.

[[kerberos-terms]]
==== Key concepts
Expand Down Expand Up @@ -59,4 +57,9 @@ realm session key encryption types.

_ticket granting ticket (TGT)_::
A TGT is an authentication ticket generated by the Kerberos authentication
server. It contains an encrypted authenticator.
server. It contains an encrypted authenticator.

[[kerberos-realm-configuration]]
==== Configuring a Kerberos realm

include::configuring-kerberos-realm.asciidoc[]
3 changes: 1 addition & 2 deletions x-pack/docs/en/security/configuring-es.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ your subscription. For more information, see https://www.elastic.co/subscription
--
** <<configuring-ad-realm,Active Directory realms>>
** <<file-realm,File realms>>
** <<configuring-kerberos-realm,Kerberos realms>>
** <<kerberos-realm,Kerberos realms>>
** <<ldap-realm,LDAP realms>>
** <<native-realm,Native realms>>
** <<configuring-pki-realm,PKI realms>>
Expand Down Expand Up @@ -147,7 +147,6 @@ include::securing-communications/separating-node-client-traffic.asciidoc[]

include::authentication/configuring-active-directory-realm.asciidoc[]
include::authentication/configuring-pki-realm.asciidoc[]
include::authentication/configuring-kerberos-realm.asciidoc[]

include::reference/files.asciidoc[]
include::fips-140-compliance.asciidoc[]
Expand Down

0 comments on commit b8cbdf2

Please sign in to comment.