ldap password in config file #173
Comments
|
I'm having the same problem. I'm currently working on something with a requirement that no passwords must be in plain text. It might not give much more meaningful security in reality, but it will allow this system to conform to many countries regulations for no sensitive data to be found in plain text. |
|
Any update? |
|
Not as far as I know sadly. |
|
Hello any update on this ? |
|
Hello, any progress on this requirement? |
peternied
added
the
help wanted
|
No progress, but we'd gladly review a pull request for this functionality |
|
We are doing some "spring cleaning in the fall", and to make sure we focus our energies on the right issues and we get a better picture of the state of the repo, we are closing all issues that we are carrying over from the ODFE era (ODFE is no longer supported/maintained, see post here). If you believe this issue should still be considered for current versions of OpenSearch, apologies! Please let us know by re-opening it. Thanks! |
|
This issue should still be considered (I have not enought skill to help you on this :) ) |
The bind password used for authentication and/or authorization is both readable in the config file and in Kibana.
It will be better to use a hash like for internal user password or to store the password with another mechanism like the elastic keystore.
The text was updated successfully, but these errors were encountered: