The easiest way to manage and authenticate users is with the internal
The native realm is available by default when no other realms are
configured. If other realm settings have been configured in
you must add the native realm to the realm chain.
You can configure options for the
native realm in the
xpack.security.authc.realms namespace in
configuring a native realm enables you to set the order in which it appears in
the realm chain, temporarily disable the realm, and control its cache options.
Add a realm configuration of type
xpack.security.authc.realmsnamespace. At a minimum, you must set the realm
native. If you are configuring multiple realms, you should also explicitly set the
See Native realm settings for all of the options you can set for the
nativerealm. For example, the following snippet shows a
nativerealm configuration that sets the
orderto zero so the realm is checked first:
xpack: security: authc: realms: native1: type: native order: 0
To limit exposure to credential theft and mitigate credential compromise, the native realm stores passwords and caches user credentials according to security best practices. By default, a hashed version of user credentials is stored in memory, using a salted
sha-256hash algorithm and a hashed version of passwords is stored on disk salted and hashed with the
bcrypthash algorithm. To use different hash algorithms, see User cache and password hash algorithms.
- Restart Elasticsearch.
- Manage your users in Kibana on the Management / Security / Users page. Alternatively, use the User Management APIs.