Skip to content

[DOCS] Document authorization_realms for Kerberos realm #35927

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 27, 2018
Merged

[DOCS] Document authorization_realms for Kerberos realm #35927

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
abfd99c
[DOCS] Document authorization_realms for Kerberos realm
Nov 26, 2018
3ad4d28
Address review comments
Nov 27, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions docs/reference/settings/security-settings.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -285,7 +285,7 @@ this setting is not valid. For more information on
the different modes, see {xpack-ref}/ldap-realm.html[LDAP realms].

`authorization_realms`::
The names of the realms that should be consulted for delegate authorization.
The names of the realms that should be consulted for delegated authorization.
If this setting is used, then the LDAP realm does not perform role mapping and
instead loads the user from the listed realms. The referenced realms are
consulted in the order that they are defined in this list.
Expand Down Expand Up @@ -794,7 +794,7 @@ Specifies the {xpack-ref}/security-files.html[location] of the
Defaults to `ES_PATH_CONF/role_mapping.yml`.

`authorization_realms`::
The names of the realms that should be consulted for delegate authorization.
The names of the realms that should be consulted for delegated authorization.
If this setting is used, then the PKI realm does not perform role mapping and
instead loads the user from the listed realms.
See {stack-ov}/realm-chains.html#authorization_realms[Delegating authorization to another realm]
Expand Down Expand Up @@ -923,7 +923,7 @@ Specifies whether to populate the {es} user's metadata with the values that are
provided by the SAML attributes. Defaults to `true`.

`authorization_realms`::
The names of the realms that should be consulted for delegate authorization.
The names of the realms that should be consulted for delegated authorization.
If this setting is used, then the SAML realm does not perform role mapping and
instead loads the user from the listed realms.
See {stack-ov}/realm-chains.html#authorization_realms[Delegating authorization to another realm]
Expand Down Expand Up @@ -1170,6 +1170,12 @@ this period of time. Specify the time period using the standard {es}
`cache.max_users`:: The maximum number of user entries that can live in the
cache at any given time. Defaults to 100,000.

`authorization_realms`::
The names of the realms that should be consulted for delegated authorization.
If this setting is used, then the Kerberos realm does not perform role mapping and
instead loads the user from the listed realms.
See {stack-ov}/realm-chains.html#authorization_realms[Delegating authorization to another realm]

[float]
[[load-balancing]]
===== Load balancing and failover
Expand Down