Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add documentation on Kerberos configuration #7844

Merged
merged 13 commits into from
Jul 30, 2024
Merged

Add documentation on Kerberos configuration #7844

merged 13 commits into from
Jul 30, 2024

Conversation

spapadop
Copy link
Contributor

Description

Kerberos is currently supported on OpenSearch as authentication backend, but it is not documented.

Issues Resolved

Close #7295

Version

all

Checklist

  • By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and subject to the Developers Certificate of Origin.
    For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions GitHub Actions
Copy link

Thank you for submitting your PR. The PR states are In progress (or Draft) -> Tech review -> Doc review -> Editorial review -> Merged.

Before you submit your PR for doc review, make sure the content is technically accurate. If you need help finding a tech reviewer, tag a maintainer.

When you're ready for doc review, tag the assignee of this PR. The doc reviewer may push edits to the PR directly or leave comments and editorial suggestions for you to address (let us know in a comment if you have a preference). The doc reviewer will arrange for an editorial review.

@spapadop spapadop force-pushed the security/kerberos branch from 0df8c72 to d2b558b Compare July 26, 2024 14:59
@spapadop spapadop mentioned this pull request Jul 26, 2024
Closed
1 task
@spapadop spapadop marked this pull request as draft July 26, 2024 15:08
spapadop and others added 2 commits July 26, 2024 17:37
@spapadop
Add documentation on Kerberos configuration.
f45f416 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
Add krb doc
d51b6ad 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
@spapadop spapadop force-pushed the security/kerberos branch from 9dcb98e to d51b6ad Compare July 26, 2024 15:37
Sokratis Papadopoulos added 5 commits July 26, 2024 17:37
Reorder kerberos in backend list
4f7a681 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
Reformat
6ba4e6d 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
Typo on acceptor_principal
c651ce7 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
Fix style
6904e60 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
Fix style
958b39f 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
@spapadop spapadop marked this pull request as ready for review July 26, 2024 15:48
Typo on acceptor_principal
c8c8ac5 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
@spapadop
Copy link
Contributor Author

@hdhalter ready :)

@kkhatua kkhatua requested a review from derek-ho July 26, 2024 19:23
@hdhalter hdhalter added 3 - Tech review PR: Tech review in progress backport 2.15 labels Jul 26, 2024
@hdhalter hdhalter assigned derek-ho and unassigned hdhalter Jul 26, 2024
derek-ho
derek-ho approved these changes Jul 29, 2024
View reviewed changes
Copy link
Contributor

@derek-ho derek-ho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me. @cwperks maybe can provide another set of eyes here. It seems like this is mostly moving commented out docs out.

cwperks
cwperks reviewed Jul 29, 2024
View reviewed changes
_security/configuration/configuration.md
@@ -162,65 +163,4 @@ To learn about configuring the authentication backends, see the [Authentication
* [Active Directory and LDAP]({{site.url}}{{site.baseurl}}/security/authentication-backends/ldap/)
* [Proxy-based authentication]({{site.url}}{{site.baseurl}}/security/authentication-backends/proxy/)
* [Client certificate authentication]({{site.url}}{{site.baseurl}}/security/authentication-backends/client-auth/)


<!--- Remvoving Kerberos documentation until issue #907 is resolved.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that opensearch-project/security-dashboards-plugin#907 is still open. While we don't have automated functional tests in the security-dashboards-plugin to verify kerberos, has it been validated through a demo configuration?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that kerberos is still not supported on OpenSearch Dashboards, but this documentation is rather about OpenSearch, where kerberos is supported. We've been using it successfully on all our clusters already from the OpenDistro era.

Add default value for boolean params
54719e1 
Signed-off-by: Sokratis Papadopoulos <[email protected]>
@Naarcha-AWS Naarcha-AWS added 4 - Doc review PR: Doc review in progress and removed 3 - Tech review PR: Tech review in progress labels Jul 29, 2024
@Naarcha-AWS Naarcha-AWS self-assigned this Jul 29, 2024
@spapadop
Copy link
Contributor Author

@Naarcha-AWS thanks for the commit, changes seem good! But the DCO check if failing ever since, could you please sign accordingly?

@Naarcha-AWS Naarcha-AWS merged commit 4388aa0 into opensearch-project:main Jul 30, 2024
5 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 30, 2024
@github-actions @Naarcha-AWS
Add documentation on Kerberos configuration (#7844)
95ddf2f 
* Add documentation on Kerberos configuration.

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Add krb doc

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Reorder kerberos in backend list

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Reformat

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Typo on acceptor_principal

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Fix style

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Fix style

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Typo on acceptor_principal

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Add default value for boolean params

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Update kerberos.md

---------

Signed-off-by: Sokratis Papadopoulos <[email protected]>
Co-authored-by: Sokratis Papadopoulos <[email protected]>
Co-authored-by: Naarcha-AWS <[email protected]>
(cherry picked from commit 4388aa0)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jul 30, 2024
Merged
github-actions bot pushed a commit that referenced this pull request Jul 30, 2024
@opensearch-trigger-bot
Add documentation on Kerberos configuration (#7844) (#7864)
4bbf530
@spapadop spapadop deleted the security/kerberos branch July 30, 2024 16:50
mingshl pushed a commit to mingshl/documentation-website that referenced this pull request Aug 2, 2024
@spapadop @Naarcha-AWS @mingshl
Add documentation on Kerberos configuration (opensearch-project#7844)
875341c 
* Add documentation on Kerberos configuration.

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Add krb doc

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Reorder kerberos in backend list

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Reformat

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Typo on acceptor_principal

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Fix style

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Fix style

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Typo on acceptor_principal

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Add default value for boolean params

Signed-off-by: Sokratis Papadopoulos <[email protected]>

* Update kerberos.md

---------

Signed-off-by: Sokratis Papadopoulos <[email protected]>
Co-authored-by: Sokratis Papadopoulos <[email protected]>
Co-authored-by: Naarcha-AWS <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwperks cwperks cwperks left review comments

@Naarcha-AWS Naarcha-AWS Naarcha-AWS approved these changes

@derek-ho derek-ho derek-ho approved these changes

@hdhalter hdhalter Awaiting requested review from hdhalter

@kolchfa-aws kolchfa-aws Awaiting requested review from kolchfa-aws kolchfa-aws is a code owner

@vagimeli vagimeli Awaiting requested review from vagimeli

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

@natebower natebower Awaiting requested review from natebower natebower is a code owner

@dlvenable dlvenable Awaiting requested review from dlvenable dlvenable is a code owner

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

@epugh epugh Awaiting requested review from epugh epugh is a code owner

Assignees

@derek-ho derek-ho

@Naarcha-AWS Naarcha-AWS

Labels
4 - Doc review PR: Doc review in progress backport 2.15
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[DOC] Add information regarding Kerberos integration
5 participants
@spapadop @cwperks @derek-ho @Naarcha-AWS @hdhalter