@@ -150,9 +150,9 @@ For a native realm, the `type` must be set to `native`. In addition to the
150150<<ref-realm-settings,settings that are valid for all realms>>, you can specify
151151the following optional settings:
152152
153- `cache.ttl`:: The time-to-live for cached user entries. User credentials are
154- cached for this period of time. Specify the time period using the standard
155- {es} <<time-units,time units>>. Defaults to `20m`.
153+ `cache.ttl`:: The time-to-live for cached user entries. A user and a hash of its
154+ credentials are cached for this period of time. Specify the time period using
155+ the standard {es} <<time-units,time units>>. Defaults to `20m`.
156156
157157`cache.max_users`:: The maximum number of user entries that can live in the
158158cache at any given time. Defaults to 100,000.
@@ -169,9 +169,9 @@ in-memory cached user credentials. For possible values, see
169169===== File realm settings
170170
171171`cache.ttl`::
172- The time-to-live for cached user entries-- user credentials are cached for
173- this configured period of time. Defaults to `20m`. Specify values using the
174- standard Elasticsearch {ref}/common-options.html#time-units[time units].
172+ The time-to-live for cached user entries. A user and a hash of its credentials
173+ are cached for this configured period of time. Defaults to `20m`. Specify values
174+ using the standard {es} {ref}/common-options.html#time-units[time units].
175175Defaults to `20m`.
176176
177177`cache.max_users`::
@@ -261,9 +261,7 @@ an entry with the username provided by the user. Defaults to `(uid={0})`.
261261
262262`user_search.attribute`::
263263deprecated[5.6] Use `user_search.filter` instead.
264- The attribute to match with the username presented to.
265- //TBD: Is this incomplete? Presented to what?
266- Defaults to `uid`.
264+ The attribute to match with the username sent with the request. Defaults to `uid`.
267265
268266`user_search.pool.enabled`::
269267Enables or disables connection pooling for user search. If set to `false`, a new
@@ -305,14 +303,15 @@ Specifies whether the group search should be `sub_tree`, `one_level` or
305303`base` specifies that the `base_dn` is a group object, and that it is the
306304only group considered. Defaults to `sub_tree`.
307305
308- `group_search.filter`:: Specifies a filter to use to look up a group.
306+ `group_search.filter`::
307+ Specifies a filter to use to look up a group.
309308When not set, the realm searches for `group`, `groupOfNames`, `groupOfUniqueNames`,
310309or `posixGroup` with the attributes `member`, `memberOf`, or `memberUid`. Any
311310instance of `{0}` in the filter is replaced by the user attribute defined in
312311`group_search.user_attribute`.
313312
314313`group_search.user_attribute`::
315- Specifies the user attribute is fetched and provided as a parameter to
314+ Specifies the user attribute that is fetched and provided as a parameter to
316315the filter. If not set, the user DN is passed into the filter. Defaults to Empty.
317316
318317`unmapped_groups_as_roles`::
@@ -425,8 +424,8 @@ Java Cryptography Architecture documentation]. Defaults to the value of
425424`xpack.ssl.cipher_suites`.
426425
427426`cache.ttl`::
428- Specifies the time-to-live for cached user entries. A user and its credentials
429- are cached for this period of time. Use the standard {es}
427+ Specifies the time-to-live for cached user entries. A user and a hash of its
428+ credentials are cached for this period of time. Use the standard {es}
430429<<time-units,time units>>. Defaults to `20m`.
431430
432431`cache.max_users`::
@@ -637,8 +636,8 @@ Java Cryptography Architecture documentation]. Defaults to the value of
637636`xpack.ssl.cipher_suites`.
638637
639638`cache.ttl`::
640- Specifies the time-to-live for cached user entries ( user
641- credentials are cached for this configured period of time) . Use the
639+ Specifies the time-to-live for cached user entries. A user and a hash of its
640+ credentials are cached for this configured period of time. Use the
642641standard Elasticsearch {ref}/common-options.html#time-units[time units]).
643642Defaults to `20m`.
644643
@@ -688,8 +687,9 @@ Specifies the {xpack-ref}/security-files.html[location] of the
688687Defaults to `CONFIG_DIR/x-pack/role_mapping.yml`.
689688
690689`cache.ttl`::
691- Specifies the time-to-live for cached user entries. Use the
692- standard Elasticsearch {ref}/common-options.html#time-units[time units]).
690+ Specifies the time-to-live for cached user entries. A user and a hash of its
691+ credentials are cached for this period of time. Use the
692+ standard {es} {ref}/common-options.html#time-units[time units]).
693693Defaults to `20m`.
694694
695695`cache.max_users`::
0 commit comments