search

opensearch-project / documentation-website

The documentation for OpenSearch, OpenSearch Dashboards, and their associated plugins.
https://opensearch.org/docs
Apache License 2.0
62 stars 431 forks source link

[DOC] Add information regarding Kerberos integration #7295

Open spapadop opened 3 weeks ago

spapadop commented 3 weeks ago

What do you want to do?

Tell us about your request. Provide a summary of the request and all versions that are affected. Currently OpenSearch security plugin supports Kerberos as Authentication backend. However, it is not listed on the relevant section: https://opensearch.org/docs/latest/security/authentication-backends/authc-index/

So, let's add it. Here's an example working config:


...
      "authc": {
        "basic_internal_auth_domain": {
          "http_enabled": true,
          "transport_enabled": true,
          "order": 1,
          "http_authenticator": {
            "challenge": false,
            "type": "basic",
            "config": {}
          },
          "authentication_backend": {
            "type": "intern",
            "config": {}
          },
          "description": "Authenticate via HTTP Basic against internal users database"
        },
        "kerberos_auth_domain": {
          "http_enabled": true,
          "transport_enabled": true,
          "order": 2,
          "http_authenticator": {
            "challenge": true,
            "type": "kerberos",
            "config": {
              "krb_debug": false,
              "strip_realm_from_principal": true
            }
          },
          "authentication_backend": {
            "type": "noop",
            "config": {}
          },
          "description": "Authenticate via Kerberos"
        }
...
hdhalter commented 3 weeks ago

Thanks, @spapadop ! Would you like to create the PR?

Tagging @AntonEliatra , as he wrote a great blog on security concepts, including Kerberos: https://opensearch.org/blog/opensearch-security-concepts/

spapadop commented 3 weeks ago

Gladly yeah, I'll come back asap.