Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

change admin password #5

Closed
bollicino opened this issue Mar 12, 2019 · 2 comments

Comments

Projects
None yet
3 participants
@bollicino
Copy link

commented Mar 12, 2019

Hi, is it possible to change the default admin password?

@aetter

This comment has been minimized.

Copy link
Member

commented Mar 12, 2019

Hi @bollicino, the intent is that you would create your own users or hook up an authentication provider rather than modifying the demo users, but the short answer is "yes, you can." I'll try to find a decent spot for this content in the documentation, but it's pretty complicated.

This is on the RPM distribution. For Docker, you would have to overwrite files before running the image.

Basically, you run the hash tool to generate a new password hash:

cd /usr/share/elasticsearch/plugins/opendistro_security/tools
sudo sh hash.sh -p cleartext
$2y$12$C/543Qr4Y7Zy4Wsq5WvN9uw.WAbpvGghpiXvk9WexZgDfAGuG0OEC

Then copy and paste the hashed password into internal_users.yml in the hash field:

sudo vi /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

Finally, to apply the change, run:

sudo sh securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem

This command uses the demo certificates, but replace the names/paths with your own certificates as necessary. Then to check that the password applied successfully, run:

$ curl -XGET -k https://localhost:9200 -u admin:admin
Unauthorized

$ curl -XGET -k https://localhost:9200 -u admin:cleartext
{
  "name" : "0yAIeJY",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "isaCyPzNR6yy-n8epKSc8w",
  "version" : {
    "number" : "6.5.4",
    "build_flavor" : "oss",
    "build_type" : "rpm",
    "build_hash" : "d2ef93d",
    "build_date" : "2018-12-17T21:17:40.758843Z",
    "build_snapshot" : false,
    "lucene_version" : "7.5.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

For most users, you can just use the Kibana UI, but for readonly users like admin, I think this is the only path. I'll leave this issue open until I've at least partially addressed the concern in the docs. Let me know if it works out for you!

@aetter

This comment has been minimized.

Copy link
Member

commented Mar 18, 2019

Closing out now that #15 is merged.

@aetter aetter closed this Mar 18, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.