diff --git a/docs/reference/redirects.asciidoc b/docs/reference/redirects.asciidoc index 518909722e61f..16c0ed7b29d61 100644 --- a/docs/reference/redirects.asciidoc +++ b/docs/reference/redirects.asciidoc @@ -995,3 +995,9 @@ See <>. === Setting up SSL between Elasticsearch and LDAP See <>. + +[role="exclude",id="configuring-kerberos-realm"] +=== Configuring a Kerberos realm + +See <>. + diff --git a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc index 0d834664b5148..9f20596837a0e 100644 --- a/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc @@ -1,7 +1,3 @@ -[role="xpack"] -[[configuring-kerberos-realm]] -=== Configuring a Kerberos realm - Kerberos is used to protect services and uses a ticket-based authentication protocol to authenticate users. You can configure {es} to use the Kerberos V5 authentication protocol, which is @@ -15,9 +11,8 @@ Refer to your Kerberos installation documentation for more information about obtaining TGT. {es} clients must first obtain a TGT then initiate the process of authenticating with {es}. -For a summary of Kerberos terminology, see <>. - -==== Before you begin +[[kerberos-realm-prereq]] +===== Before you begin . Deploy Kerberos. + @@ -51,7 +46,8 @@ For more information on Java GSS, see https://docs.oracle.com/javase/10/security/kerberos-requirements1.htm[Java GSS Kerberos requirements] -- -==== Create a Kerberos realm +[[kerberos-realm-create]] +===== Create a Kerberos realm To configure a Kerberos realm in {es}: @@ -176,4 +172,3 @@ NOTE: The Kerberos realm supports alternative to role mapping. -- - diff --git a/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc b/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc index e86c3d76b14a1..7f363551b7d8d 100644 --- a/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/kerberos-realm.asciidoc @@ -7,10 +7,8 @@ authentication, an industry standard protocol to authenticate users in {es}. NOTE: You cannot use the Kerberos realm to authenticate on the transport network layer. -To authenticate users with Kerberos, you need to -<> and -<>. -For more information on realm settings, see +To authenticate users with Kerberos, you need to configure a Kerberos realm and +map users to roles. For more information on realm settings, see <>. [[kerberos-terms]] @@ -59,4 +57,9 @@ realm session key encryption types. _ticket granting ticket (TGT)_:: A TGT is an authentication ticket generated by the Kerberos authentication -server. It contains an encrypted authenticator. \ No newline at end of file +server. It contains an encrypted authenticator. + +[[kerberos-realm-configuration]] +==== Configuring a Kerberos realm + +include::configuring-kerberos-realm.asciidoc[] \ No newline at end of file diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc index cfd8ff9dcc92b..c50e8242519a5 100644 --- a/x-pack/docs/en/security/configuring-es.asciidoc +++ b/x-pack/docs/en/security/configuring-es.asciidoc @@ -74,7 +74,7 @@ your subscription. For more information, see https://www.elastic.co/subscription -- ** <> ** <> -** <> +** <> ** <> ** <> ** <> @@ -145,7 +145,6 @@ include::securing-communications/enabling-cipher-suites.asciidoc[] include::authentication/configuring-active-directory-realm.asciidoc[] include::authentication/configuring-pki-realm.asciidoc[] -include::authentication/configuring-kerberos-realm.asciidoc[] include::reference/files.asciidoc[] include::fips-140-compliance.asciidoc[]