##Demo for my "Elasticsearch: Beyond Basic Authentication" talk
https://speakerdeck.com/salyh/elasticsearch-2-security-beyond-basic-authentication
- vagrant up
- vagrant ssh
- cd /vagrant
- ./setup_mit_krb.sh
- Realm: EXAMPLE:COM
- Host: localhost
- nohup ./start_elasticsearch.sh &
- ./kerb_request.sh
Vagrant exposes the ports 9200 and 5601. Open firefox on your host system and type:
Access is denied. To get access via PKI authentication
- import pki-scripts/client.p12 into firefox and try again
- You should be authenticated as "Mister Spock"
To get access via kerberos copy the /etc/krb5.conf from the vagrant box to your host system (tested on OS X) and
- In Firefox add "localhost" to allowed URLs like described here
- kinit [email protected]
- Password is: lukepwd
- Open https://localhost:9200/_logininfo?pretty
- You should be authenticated as "luke"