the question in the title ,
in the last few days we see that we have some issues with the ldap authentication . (we get time out after 10 secs)
our linux admin suggested to work with kerberos (which saves tickets on the server, instead of querying our ldap each time we connect to the elastic cluster) .
does ROR supports working with kerberos ?
Hi @sdba2, no we don’t support Kerberos natively within ROR plugin. If I were you I’d rather tweak the LDAP connector that is already configured and working. For example:
to simulate the ticket saving in Kerberos you could enable the credentials cache (valid and invalid credentials will be hashed and saved in memory into a LRU cache).
To circumvent the 10 seconds timeout, you can modify the LDAP server settings
Hello @sdba2 LDAP is a good option. You can even achieve member search in nested groups.
But if you’re an entreprise user, I think the best option is to use SAML authentication. This will give you SSO integration. This is probably what you’re trying to achieve with Kerberos.
Another option (if you’re not an Entreprise/Pro user and really need Kerberos) is to use Nginx/Apache as reverse proxy for Kerberos authentication.