salyh / elasticsearch-beyond-basicauthentication Goto Github PK

##Demo for my "Elasticsearch: Beyond Basic Authentication" talk

https://speakerdeck.com/salyh/elasticsearch-2-security-beyond-basic-authentication

• vagrant up
• vagrant ssh
• cd /vagrant
• ./setup_mit_krb.sh
• Realm: EXAMPLE:COM
• Host: localhost
• nohup ./start_elasticsearch.sh &
• ./kerb_request.sh

Vagrant exposes the ports 9200 and 5601. Open firefox on your host system and type:

• https://localhost:9200/_logininfo?pretty

Access is denied. To get access via PKI authentication

• import pki-scripts/client.p12 into firefox and try again
• You should be authenticated as "Mister Spock"

To get access via kerberos copy the /etc/krb5.conf from the vagrant box to your host system (tested on OS X) and

• In Firefox add "localhost" to allowed URLs like described here
• kinit [email protected]
• Password is: lukepwd
• Open https://localhost:9200/_logininfo?pretty
• You should be authenticated as "luke"