User credentials are cached in memory on each node to avoid connecting to a
remote authentication service or hitting the disk for every incoming request.
You can configure characteristics of the user cache with the
cache.hash_algo realm settings.
JWT realms use
jwt.cache.size realm settings.
PKI and JWT realms do not cache user credentials, but do cache the resolved user object to avoid unnecessarily needing to perform role mapping on each request.
The cached user credentials are hashed in memory. By default, the Elasticsearch
security features use a salted
sha-256 hash algorithm. You can use a
different hashing algorithm by setting the
cache.hash_algo realm settings. See
User cache and password hash algorithms.
You can use the clear cache API to force
the eviction of cached users . For example, the following request evicts all
users from the
$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache'
To clear the cache for multiple realms, specify the realms as a comma-separated list:
$ curl -XPOST 'http://localhost:9200/_security/realm/ad1,ad2/_clear_cache'
You can also evict specific users:
$ curl -XPOST 'http://localhost:9200/_security/realm/ad1/_clear_cache?usernames=rdeniro,alpacino'