cleanup

shainaraskas · shainaraskas · commit 19dd9c4392d7 · 2025-02-21T00:17:57.000-05:00
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/active-directory.md b/deploy-manage/users-roles/cluster-or-deployment-auth/active-directory.md
@@ -332,4 +332,8 @@ For more information about these settings, see [Active Directory realm settings]
 
 ::::{note} 
 By default, when you configure {{es}} to connect to Active Directory using SSL/TLS, it attempts to verify the hostname or IP address specified with the `url` attribute in the realm configuration with the values in the certificate. If the values in the certificate and realm configuration do not match, {{es}} does not allow a connection to the Active Directory server. This is done to protect against man-in-the-middle attacks. If necessary, you can disable this behavior by setting the `ssl.verification_mode` property to `certificate`.
-::::
+::::
+
+### Using {{kib}} with Active Directory [ad-realm-kibana]
+
+The Active Directory security realm uses the {{kib}}-provided [basic authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-authentication#basic-authentication) login form. Basic authentication is enabled by default.
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/kerberos.md b/deploy-manage/users-roles/cluster-or-deployment-auth/kerberos.md
@@ -202,21 +202,25 @@ For detailed information of available realm settings, see [Kerberos realm settin
     You should use these exact filenames for {{ecloud}} to recognize the file in the bundle.
     ::::
 
-2. Edit your cluster configuration, sometimes also referred to as the deployment plan, to define Kerberos settings as described in [Elasticsearch documentation](/deploy-manage/users-roles/cluster-or-deployment-auth/kerberos.md).
+2. Edit your cluster configuration, sometimes also referred to as the deployment plan, to define  your Kerberos settings:
 
     ```sh
     xpack.security.authc.realms.kerberos.cloud-krb:
        order: 2
        keytab.path: es.keytab
        remove_realm_name: false
     ```
+
+    ::::{important}
+    The name of the realm must be `cloud-krb`, and the order must be 2: `xpack.security.authc.realms.kerberos.cloud-krb.order: 2`
+    ::::
 ::::
 
 ::::{tab-item} ECK
 
 1. Install your `krb5.conf` and `keytab` files as a [custom configuration file](/deploy-manage/deploy/cloud-on-k8s/custom-configuration-files-plugins.md). 
 
-2. Edit your cluster configuration, sometimes also referred to as the deployment plan, to define Kerberos settings as described in [Elasticsearch documentation](/deploy-manage/users-roles/cluster-or-deployment-auth/kerberos.md).
+2. Edit your cluster configuration to define your Kerberos settings:
 
     ```sh
     xpack.security.authc.realms.kerberos.cloud-krb:
@@ -258,7 +262,7 @@ POST /_security/role_mapping/kerbrolemapping
 In case you want to support Kerberos cross realm authentication, you may need to map roles based on the Kerberos realm name. For such scenarios, the following additional user metadata can be used for role mapping: 
 
 - `kerberos_realm`: The Kerberos realm name. 
-- `kerberos_user_principal_name` The user principal name from the Kerberos ticket.
+- `kerberos_user_principal_name`: The user principal name from the Kerberos ticket.
 
 For more information, see [Mapping users and groups to roles](/deploy-manage/users-roles/cluster-or-deployment-auth/mapping-users-groups-to-roles.md).
 
@@ -268,4 +272,4 @@ The Kerberos realm supports [authorization realms](/deploy-manage/users-roles/cl
 
 ### Configure Kibana for Kerberos [kerberos-realm-kibana]
 
-If you want to use Kerberos to authenticate using your browser and {{kib}}, you need to enable the relevant authentication provider in {{kib}} configuration. See [kerberos single sign-on](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-authentication.md#kerberos)
+If you want to use Kerberos to authenticate using your browser and {{kib}}, you need to enable the relevant authentication provider in {{kib}} configuration. See [Kerberos single sign-on](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-authentication.md#kerberos)
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/ldap.md b/deploy-manage/users-roles/cluster-or-deployment-auth/ldap.md
@@ -331,4 +331,10 @@ For more information about these settings, see [LDAP realm settings](https://www
 
 ::::{note} 
 By default, when you configure {{es}} to connect to an LDAP server using SSL/TLS, it attempts to verify the hostname or IP address specified with the `url` attribute in the realm configuration with the values in the certificate. If the values in the certificate and realm configuration do not match, {{es}} does not allow a connection to the LDAP server. This is done to protect against man-in-the-middle attacks. If necessary, you can disable this behavior by setting the `ssl.verification_mode` property to `certificate`.
-::::
+::::
+
+### Using {{kib}} with LDAP [ldap-realm-kibana]
+
+The LDAP security realm uses the {{kib}}-provided [basic authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-authentication#basic-authentication) login form. Basic authentication is enabled by default.
+
+You can also use LDAP with [token authentication](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-authentication#token-authentication) in Kibana.
