cannot change password for role given by example.


Jay Miao

Jul 7, 2016, 10:13:24 AM
to Search Guard
Step 1: Use the example role named readall (password: readall) to log in to my cluster.
Step 2: Change the password of readall to 123456 by using hash.sh, then use sgadmin.sh to update the configuration. It seems everything updates successfully.

sg_internal_users.yml

readall:
  hash: $2a$12$Y7D1zuzJ/tEHT6ings7DFOjsHReA.7GPam6JKRmpaWbbvKTnRKGeK

Command:
     > bash plugins/search-guard-2/tools/sgadmin.sh \
       -cn np_es \
       -h app01.add.bjyt.qihoo.net \
       -cd plugins/search-guard-2/sgconfig/ \
       -ks plugins/search-guard-2/sgconfig/kirk-keystore.jks \
       -ts plugins/search-guard-2/sgconfig/truststore.jks \
       -nhnv

Terminal output:
Index does already exists
Populate config from /usr/local/elasticsearch-2.3.3/plugins/search-guard-2/sgconfig
Will update 'config' with plugins/search-guard-2/sgconfig/sg_config.yml
   SUCC Configuration for 'config' created or updated
Will update 'roles' with plugins/search-guard-2/sgconfig/sg_roles.yml
   SUCC Configuration for 'roles' created or updated
Will update 'rolesmapping' with plugins/search-guard-2/sgconfig/sg_roles_mapping.yml
   SUCC Configuration for 'rolesmapping' created or updated
Will update 'internalusers' with plugins/search-guard-2/sgconfig/sg_internal_users.yml
   SUCC Configuration for 'internalusers' created or updated
Will update 'actiongroups' with plugins/search-guard-2/sgconfig/sg_action_groups.yml
   SUCC Configuration for 'actiongroups' created or updated
Wait a short time ...
Done with success

Step 3: Logging in with account readall and password 123456 fails, while readall:readall still succeeds!

Step 4: Delete readall from sg_internal_users.yml and update using sgadmin.sh. I can still use readall:readall to log in.

Should I restart my ES cluster? Or do anything else?

SG

Jul 12, 2016, 1:17:35 PM
to search...@googlegroups.com
Seems to be a bug, see https://github.com/floragunncom/search-guard/issues/144

Will be fixed in the next release
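
A check that can be run after each sgadmin.sh update to confirm the node really rejects the old password, added here as an example and not code from this thread or from Search Guard. It assumes the node answers bad HTTP Basic credentials with 401; the function names, the stub server and its URL are constructed for the demo.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Talk to the node directly; ignore any proxy settings in the environment.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def _basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def accepts(url, user, password):
    """True if the node authenticates user:password, False if it answers 401."""
    req = urllib.request.Request(url, headers={"Authorization": _basic(user, password)})
    try:
        with _opener.open(req, timeout=5):
            return True
    except urllib.error.HTTPError as err:
        if err.code == 401:
            return False
        if err.code == 403:   # authenticated, merely not authorized for this URL
            return True
        raise                 # anything else needs a human look

def rotation_state(url, user, old_pw, new_pw):
    """Classify what the node actually enforces after a password change."""
    old_ok, new_ok = accepts(url, user, old_pw), accepts(url, user, new_pw)
    if new_ok and not old_ok:
        return "rotated"
    if old_ok and not new_ok:
        return "stale"        # old credential still live: the symptom in this thread
    return "both-accepted" if old_ok else "both-rejected"

def start_stub(valid):
    """Constructed stand-in for a node that accepts only the given (user, password) pairs."""
    tokens = {_basic(u, p) for u, p in valid}
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200 if self.headers.get("Authorization") in tokens else 401)
            self.end_headers()
        def log_message(self, *args):
            pass              # keep the demo quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"

if __name__ == "__main__":
    server, url = start_stub({("readall", "readall")})   # node still on the old password
    print(rotation_state(url, "readall", "readall", "123456"))
    server.shutdown()
```

Against a real cluster, pass the node's own URL to `rotation_state` and treat any result other than "rotated" as a failed credential change, whatever sgadmin.sh printed.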