Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOC] Add information regarding Kerberos integration #7295

Closed
1 task done
spapadop opened this issue Jun 5, 2024 · 6 comments · Fixed by #7844
Closed
1 task done

[DOC] Add information regarding Kerberos integration #7295

spapadop opened this issue Jun 5, 2024 · 6 comments · Fixed by #7844
Assignees
@spapadop
Labels
2 - In progress Issue/PR: The issue or PR is in progress. security

Comments

@spapadop
Copy link
Contributor

spapadop commented Jun 5, 2024

What do you want to do?

  • Add new documentation

Tell us about your request. Provide a summary of the request and all versions that are affected.
Currently OpenSearch security plugin supports Kerberos as Authentication backend. However, it is not listed on the relevant section: https://opensearch.org/docs/latest/security/authentication-backends/authc-index/

So, let's add it. Here's an example working config:

...
      "authc": {
        "basic_internal_auth_domain": {
          "http_enabled": true,
          "transport_enabled": true,
          "order": 1,
          "http_authenticator": {
            "challenge": false,
            "type": "basic",
            "config": {}
          },
          "authentication_backend": {
            "type": "intern",
            "config": {}
          },
          "description": "Authenticate via HTTP Basic against internal users database"
        },
        "kerberos_auth_domain": {
          "http_enabled": true,
          "transport_enabled": true,
          "order": 2,
          "http_authenticator": {
            "challenge": true,
            "type": "kerberos",
            "config": {
              "krb_debug": false,
              "strip_realm_from_principal": true
            }
          },
          "authentication_backend": {
            "type": "noop",
            "config": {}
          },
          "description": "Authenticate via Kerberos"
        }
...
@hdhalter
Copy link
Contributor

hdhalter commented Jun 6, 2024

Thanks, @spapadop ! Would you like to create the PR?

Tagging @AntonEliatra , as he wrote a great blog on security concepts, including Kerberos: https://opensearch.org/blog/opensearch-security-concepts/

@hdhalter hdhalter added 1 - Backlog - DEV Developer assigned to issue is responsible for creating PR. security and removed untriaged labels Jun 6, 2024
@spapadop
Copy link
Contributor Author

spapadop commented Jun 6, 2024

Gladly yeah, I'll come back asap.

@hdhalter
Copy link
Contributor

Hi @spapadop - Just checking in to see if you still want to submit the documentation PR? Thanks.

@spapadop
Copy link
Contributor Author

Hi @hdhalter, apologies for the delay and thanks for the reminder! Yeah, let me work on it and I'll raise a PR soon.

@spapadop spapadop mentioned this issue Jul 26, 2024
Merged
1 task
@spapadop
Copy link
Contributor Author

there you go #7844

@hdhalter
Copy link
Contributor

Awesome! Please tag me when it is ready for review. Thanks.

@hdhalter hdhalter added 2 - In progress Issue/PR: The issue or PR is in progress. and removed 1 - Backlog - DEV Developer assigned to issue is responsible for creating PR. labels Jul 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spapadop spapadop

Labels
2 - In progress Issue/PR: The issue or PR is in progress. security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add documentation on Kerberos configuration spapadop/documentation-website
2 participants
@spapadop @hdhalter