How the sg_internal_users.yml file is being generate?

[Eliran Boraks]

The sg_internal_users.yml have different user passwords from the password I generated using the certification script. 

Here are the steps I followed:

1. Generating certificates   './gen_client_node_cert.sh kirk change capass'

2. Generating sgadmin  './sgadmin.sh -ts truststore.jks -tspass changeit -ks kirk-keystore.jks -kspass changeit -cd ../sgconfig -icl -nhnv'

3. Accessing localhost:9200, entering username and password of ‘kirk' and ‘changeit’ and it doesn’t work. I tried again with ‘kirk’ as the password, and it worked. I look to see where ‘kirk’ password is set and I found the following search-guard-2/sgconfig/sg_internal_users.yml

kirk:

  hash: $2a$12$xZOcnwYPYQ3zIadnlQIJ0eNhX1ngwMkTN.oMwkKxoGvDVPn4/6XtO

  #password is: kirk

‘kirk’ is not the password I created for kirk, so I assume the ‘sg_internal_users.yml’ is part of the plugin, the question is how can I regenerate with the users and passwords I am creating.  

[SG]

did you read the docs? https://github.com/floragunncom/search-guard-docs/blob/master/internalusers.md

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/90994df1-94b2-4c58-b057-88c0eff5a951%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Eliran Boraks]

Thank you for directing me to the docs. I will take a look. 

[Eliran Boraks]

I have a followup question. How is the internal user list being indexed by the sgadmin? Is it happen everytime I run sgadmin, or I need to do something different?