topic Re: admin password on command line in Security

admin password on command line

steinerdani — Wed, 01 Dec 2010 23:10:02 GMT

The splunkweb front end (webserver) is disabled. How can I check the admin password from the command line?

Re: admin password on command line

MarioM — Thu, 02 Dec 2010 00:18:45 GMT

Do you mean changing the admin password? For example:

./splunk edit user admin -password foo -role admin -auth admin:changeme

This command changes the admin password from changeme to foo.

Note: Passwords with special characters that would be interpreted by the shell (for example $ or !) must be either escaped or single-quoted:

./splunk edit user admin -password 'fflanda$' -role admin -auth admin:changeme

./splunk edit user admin -password fflanda\$ -role admin -auth admin:changeme

Re: admin password on command line

southeringtonp — Thu, 02 Dec 2010 00:19:48 GMT

You can't decrypt the password if that's what you're asking.

You can reset it: http://answers.splunk.com/questions/834/how-could-i-reset-the-admin-password

Or just try logging in from the command line:

splunk login

Another option would be to try logging in via the REST API. Here's an example: http://answers.splunk.com/questions/8940/how-can-i-run-searches-against-the-splunk-api

Re: admin password on command line

suttonj — Wed, 04 Mar 2015 16:11:19 GMT

this process will expose the new password in clear text in the servers history. Is there a way of doing this without exposing the password? (other than doing it on one server then deleteing the history and then copy the passwd file to all other servers than need their password changed from the default)

Re: admin password on command line

corydodt — Tue, 21 Jun 2016 01:36:32 GMT

Try this

# read -s 'pw?password: '; echo; splunk edit user admin -password "$pw" -role admin -auth admin:changeme
password: 
User admin edited.

Re: admin password on command line

ThomasControlw1 — Fri, 10 Mar 2017 15:48:38 GMT

history -c will deleate all your CLI history 😄
cheers