setup-passwords causes confusion around the purpose of builtin users #29892
Comments
Original comment by @tvernum: // CC: @elastic/es-security |
Original comment by @jkakavas: My gut feeling is that
would be the lesser evil.
In this case, I think it's more of a "users might not read documentation" problem than a "documentation is not clear enough" one. Since this is (I think) mostly about users attempting to login to Kibana with the |
Original comment by @tvernum:
Mostly, but not entirely. The issue was prompted by a forum post where logstash_system was being used in a pipeline, so while the "system" suffix will probably help, it's not the whole solution |
Original comment by @albertzaharovits: Here's my 2 cents:
|
Original comment by @bizybot: All good ideas, sharing an alternative here. As this is like an app to app communication that we want to authenticate, why not use certificate-based authentication?
This would involve enabling client_authentication on during setup; not sure of the work on the client side (like kibana, logstash) to use certs instead of configured credentials. |
Original comment by @tvernum:
We need to do a better job of making certificate-based auth easier for customers to use but the issues are:
|
Original comment by @tvernum:
The problem is that once a customer runs `setup-passwords` they're given the userids and passwords for 3 users that can be quite misleading.
Since releasing `setup-passwords` in 6.0, we've seen an (anecdotal) increase in the number of customers who are using `kibana` to login to Kibana and `logstash_system` for their logstash pipelines.
And it makes sense that if users don't read the docs thoroughly, and they run the required tool and it gives them 3 users+passwords, then they'll go and use those users.
Possible solutions:
Do you want to setup some logins for Kibana?
Do you want to setup a user for logstash pipelines?
. I think it's hard to do well, but it's an option.
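One way to catch the pipeline case described in this issue before it ships, as an added example that is not part of the original thread or of Elastic's tooling: a small check that walks a Logstash pipeline config and reports any `elasticsearch` plugin block whose `user` setting is one of the built-in users named above. The sample pipeline, the `logstash_writer` user and the function name are constructed for illustration, and the parser is a simplification that treats every `#` as a comment start.

```python
import re

# Built-in users named in this issue. Assumption of this example: neither
# should appear as the credential of a pipeline's elasticsearch plugin.
SYSTEM_USERS = {"kibana", "logstash_system"}

TOKEN = re.compile(r"""
      \buser\s*=>\s*["']?(?P<user>[\w.-]+)["']?   # user => "name"
    | (?P<name>\w+)?\s*(?P<open>\{)               # [name] {
    | (?P<close>\})                               # }
""", re.VERBOSE)

def find_system_user_misuse(pipeline_text):
    """Return (line_no, section, user) for every elasticsearch plugin block
    in a Logstash pipeline config that authenticates as a system user."""
    findings = []
    stack = []  # names of the open blocks, outermost first
    for line_no, raw in enumerate(pipeline_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # simplification: '#' always starts a comment
        for m in TOKEN.finditer(line):
            if m.group("open"):
                stack.append(m.group("name") or "")
            elif m.group("close") and stack:
                stack.pop()
            elif m.group("user") in SYSTEM_USERS and "elasticsearch" in stack:
                findings.append((line_no, stack[0], m.group("user")))
    return findings

# Constructed sample pipeline; logstash_writer is a hypothetical dedicated user.
SAMPLE = '''\
output {
  if [type] == "audit" {
    elasticsearch {
      index => "audit-%{+YYYY.MM.dd}"
      user => "logstash_system"
      password => "${ES_PWD}"
    }
  } else {
    elasticsearch { user => "logstash_writer" password => "${ES_PWD}" }
  }
  # user => "kibana"
}
'''

if __name__ == "__main__":
    for line_no, section, user in find_system_user_misuse(SAMPLE):
        print(f"line {line_no}: {section} elasticsearch plugin uses built-in user {user!r}")
```
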