mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-25 07:37:19 -04:00
0eb2baa07d
This change introduces a new CLI tool that can be used to set and reset the password of all the built-in users and users in the native realm in Elasticsearch. It depends on the file realm being enabled (which it is, by default) and can (re)set one built-in user password at a time. It removes the previously introduced elasticsearch-reset-elastic-password and elasticsearch-reset-kibana-system-password as their functionality is covered by this new tool.
80 lines
2.7 KiB
Text
80 lines
2.7 KiB
Text
[roles="xpack"]
|
|
[[reset-password]]
|
|
== elasticsearch-reset-password
|
|
|
|
The `elasticsearch-reset-password` command resets the passwords of users in
|
|
the native realm and built-in users.
|
|
|
|
|
|
[discrete]
|
|
=== Synopsis
|
|
|
|
[source,shell]
|
|
----
|
|
bin/elasticsearch-reset-password
|
|
[-a, --auto] [-b, --batch] [-E <KeyValuePair]
|
|
[-f, --force] [-h, --help] [-i, --interactive]
|
|
[-s, --silent] [-u, --username] [-v, --verbose]
|
|
----
|
|
|
|
[discrete]
|
|
=== Description
|
|
|
|
Use this command to reset the password of any user in the native realm
|
|
or any built-in user. By default, a strong password is generated for you.
|
|
To explicitly set a password, run the tool in interactive mode with `-i`.
|
|
The command generates (and subsequently removes) a temporary user in the
|
|
<<file-realm,file realm>> to run the request that changes the user password.
|
|
|
|
IMPORTANT: You cannot use this tool if the file realm is disabled in your `elasticsearch.yml` file.
|
|
|
|
This command uses an HTTP connection to connect to the cluster and run the user
|
|
management requests. The command automatically attempts to establish the connection
|
|
over HTTPS by using the `xpack.security.http.ssl` settings in
|
|
the `elasticsearch.yml` file. If you do not use the default configuration directory
|
|
location, ensure that the `ES_PATH_CONF` environment variable returns the
|
|
correct path before you run the `elasticsearch-reset-password` command. You can
|
|
override settings in your `elasticsearch.yml` file by using the `-E` command
|
|
option. For more information about debugging connection failures, see
|
|
<<trb-security-setup>>.
|
|
|
|
[discrete]
|
|
[[reset-password-parameters]]
|
|
=== Parameters
|
|
|
|
|
|
`-a, --auto`:: Resets the password of the specified user to an auto-generated strong password. (Default)
|
|
|
|
`-b, --batch`:: Runs the reset password process without prompting the user for verification.
|
|
|
|
`-E <KeyValuePair>`:: Configures a standard {es} or {xpack} setting.
|
|
|
|
`-f, --force`:: Forces the command to run against an unhealthy cluster.
|
|
|
|
`-h, --help`:: Returns all of the command parameters.
|
|
|
|
`-i, --interactive`:: Prompts for the password of the specified user. Use this option to explicitly set a password.
|
|
|
|
`-s --silent`:: Shows minimal output in the console.
|
|
|
|
`-u, --username`:: The username of the native realm user or built-in user.
|
|
|
|
`-v --verbose`:: Shows verbose output in the console.
|
|
[discrete]
|
|
=== Examples
|
|
|
|
The following example resets the password of the `elastic` user to an auto-generated value and
|
|
prints the new password in the console.
|
|
|
|
[source,shell]
|
|
----
|
|
bin/elasticsearch-reset-password -u elastic
|
|
----
|
|
|
|
The following example resets the password of a native user with username `user1` after prompting
|
|
in the terminal for the desired password:
|
|
|
|
[source,shell]
|
|
----
|
|
bin/elasticsearch-reset-password --username user1 -i
|
|
----
|