Kerberos/SPNEGO custom realm for Elasticsearch X-Pack 5.0.2.
Authenticate HTTP requests via Kerberos/SPNEGO.
Transport requests are not yet supported.
Apache License Version 2.0
- Kerberos/SPNEGO REST/HTTP authentication
- No JAAS login.conf required
- No external dependencies
- Elasticsearch 5.0.2
- X-Pack Plugin 5.0.2
- Kerberos Infrastructure (ActiveDirectory, MIT, Heimdal, ...)
$ git clone https://github.com/robertvolkmann/elasticsearch-shield-kerberos-realm.git
$ mvn package
$ bin/x-pack/extension install file:///path/to/target/release/elasticsearch-shield-kerberos-realm-2.4.4.zip
Configuration is done in elasticsearch.yml
shield.authc.realms.kerberos:
type: kerberos
order: 0
acceptor_principal: HTTP/[email protected]
files:
acceptor_keytab: relative/path/to/server.keytab
krb5_conf: relative/path/to/krb5.conf
roles.user_role.0: [email protected]
acceptor_principal- Acceptor (Server) Principal name, must be present in acceptor_keytab fileacceptor_keytab- The relative path to the keytab where the acceptor_principal credentials are stored.krb5_conf- The relative path to krb5.conf file.roles- Roles which should be assigned to the initiator (the user who's logged in)