Skip to content

[DOCS] Add configurable password hashing docs #32849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Aug 21, 2018
Merged

[DOCS] Add configurable password hashing docs #32849

merged 9 commits into from
Aug 21, 2018

Conversation

jkakavas
Copy link
Member

Adds documentation about the newly introduced configuration option
for setting the password hashing algorithm to be used for the users
cache and for storing credentials for the native and file realm.

@jkakavas
[DOCS] Add configurable password hashing docs
af2e286 
Adds documentation about the newly introduced configuration option
for setting the password hashing algorithm to be used for the users
cache and for storing credentials for the native and file realm.
@jkakavas
Move hashing setting to its own section
8fde52e
@jkakavas jkakavas added >docs General docs changes v7.0.0 :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.4.0 v6.5.0 labels Aug 14, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@lcawl
Copy link
Contributor

lcawl commented Aug 16, 2018

I think it makes sense for the hash algorithm lists appear in the security settings page instead of the Stack Overview. I've made that change in 74048ff

@lcawl
Copy link
Contributor

lcawl commented Aug 16, 2018

The new password-hashing.asciidoc file isn't included in either the Stack Overview or the Elasticsearch Reference at this point. I actually recommend removing it. I put the gist of that information in a note in the configuring-native-realm.asciidoc and configuring-file-realm.asciidoc pages instead.

If you think the concept of password hashing should be covered in the Stack Overview after all, let me know and I can add that page to the table of contents, but as it is, I think the password-hashing.asciidoc file should just be deleted.

@jkakavas
Copy link
Member Author

I think the password-hashing.asciidoc file should just be deleted.

Agreed. I think everything is covered in security-hash-settings.asciidoc and your additions to the configuring-X-realm.asciidoc.

Thank you @lcawl

lcawl
lcawl approved these changes Aug 16, 2018
View reviewed changes
Copy link
Contributor

@lcawl lcawl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jaymode
jaymode approved these changes Aug 17, 2018
View reviewed changes
Copy link
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

docs/reference/settings/security-hash-settings.asciidoc Outdated
==== User cache and password hash algorithms

Certain realms store user credentials in memory. To limit exposure
to credential theft and mitigate credential compromise, cached user credentials
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe To limit exposure to credential theft and mitigate credential compromise, the cache only stored a hashed version of the user credentials

Copy link
Member Author

@jkakavas jkakavas Aug 17, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks, I like that better too, made relevant changes to configuring-{native,file}-realm.asciidoc

albertzaharovits
albertzaharovits approved these changes Aug 19, 2018
View reviewed changes
Copy link
Contributor

@albertzaharovits albertzaharovits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lcawl lcawl mentioned this pull request Aug 21, 2018
Merged
@jkakavas jkakavas merged commit 65d4f27 into elastic:master Aug 21, 2018
jkakavas added a commit that referenced this pull request Aug 21, 2018
@jkakavas
[DOCS] Add configurable password hashing docs (#32849)
d600286 
* [DOCS] Add configurable password hashing docs

Adds documentation about the newly introduced configuration option
for setting the password hashing algorithm to be used for the users
cache and for storing credentials for the native and file realm.
jkakavas added a commit that referenced this pull request Aug 21, 2018
@jkakavas
[DOCS] Add configurable password hashing docs (#32849)
b77e977 
Adds documentation about the newly introduced configuration option
for setting the password hashing algorithm to be used for the users
cache and for storing credentials for the native and file realm.
@jkakavas jkakavas deleted the pwd-hashing-docs branch September 14, 2018 06:49
@colings86 colings86 removed the v7.0.0 label Feb 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaymode jaymode jaymode approved these changes

@albertzaharovits albertzaharovits albertzaharovits approved these changes

@lcawl lcawl lcawl approved these changes

Assignees
No one assigned
Labels
>docs General docs changes :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) v6.4.0 v6.5.0 v7.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jkakavas @elasticmachine @lcawl @jaymode @albertzaharovits @colings86