Failed to run ROR with Unix Authentication


(Vadim) #1

I’m testing Unix Auth on single node cluster running it on RHEL server.
ES 5.6.3 and readonlyrest-1.16.13-pre1_es5.6.3.zip
The existing entry in the /etc/shadow file, related to my account (on server where the es+ror are running) is vadim:xyz12C3tr8Avb:15420::::::
I’m not sure how exactly to use this entry for ror unix auth or even I can use it at all?
I’ve tried different scenarios to hash the values “vadim:xyz12C3tr8Avb”, “xyz12C3tr8Avb” with Base64, sha256 and then assign them to auth_key_unix in es yml file and run curl with header to test this but it does not work.

I think I should Not use my existing personal account entry in shadow file for this unix auth testing and I need to (1)use let’s say the “uname” user and “upwd” password, (2)generate hash sha512 for “upwd” using python script on github.com/sscarduzio/elasticsearch-readonlyrest-plugin in the "USE CASE: Unix Authentication"section, (3)assign auth_key_unix: uname:sh512(upwd), (4)ADD APPROPRIATE ENTRY related to uname:upwd to /etc/shadow file, (5)start es, (6) run cURL (not sure which value for uname:upwd to use in the header either hashed Base64 or SHA512)
Is this correct ?
Any advise or help will be appreciated.