https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130685#M3942 <P>There's a setting in <CODE>authentication.conf</CODE>: <A href="http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Authenticationconf">http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Authenticationconf</A></P> <PRE><CODE>passwordHashAlgorithm = [SHA512-crypt|SHA256-crypt|SHA512-crypt-&lt;num_rounds&gt;|SHA256-crypt-&lt;num_rounds&gt;|MD5-crypt] </CODE></PRE> <P>I believe the password requirements with built-in authentication is limited to requiring a certain length (same .conf):</P> <PRE><CODE>minPasswordLength = &lt;positive integer&gt; </CODE></PRE> <P>For more sophisticated complexity requirements you should use external authentication, such as Active Directory.</P> Thu, 03 Jul 2014 20:09:12 GMT martin_mueller 2014-07-03T20:09:12Z https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130684#M3941 <P>I am trying to determine how SPLUNK passwords are stored using one way encryption. I am also trying to determine if I can change the SPLUNK complexity passwords requirements for users.</P> Thu, 03 Jul 2014 18:42:54 GMT https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130684#M3941 rogerroger 2014-07-03T18:42:54Z https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130685#M3942 <P>There's a setting in <CODE>authentication.conf</CODE>: <A href="http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Authenticationconf">http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Authenticationconf</A></P> <PRE><CODE>passwordHashAlgorithm = [SHA512-crypt|SHA256-crypt|SHA512-crypt-&lt;num_rounds&gt;|SHA256-crypt-&lt;num_rounds&gt;|MD5-crypt] </CODE></PRE> <P>I believe the password requirements with built-in authentication is limited to requiring a certain length (same .conf):</P> <PRE><CODE>minPasswordLength = &lt;positive integer&gt; </CODE></PRE> <P>For more sophisticated complexity requirements you should use external authentication, such as Active Directory.</P> Thu, 03 Jul 2014 20:09:12 GMT https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130685#M3942 martin_mueller 2014-07-03T20:09:12Z https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130686#M3943 <P>Best thing you can do there is SHA256-crypt-1000000 . This makes it almost impossible to guess passwords unless you have "Welcome-2016". </P> <P>In our case we did not have the slow downs mentioned in the doc.</P> Tue, 01 Nov 2016 11:28:54 GMT https://community.splunk.com/t5/Security/Splunk-Configuration-of-Password-encryption-and-Complexity/m-p/130686#M3943 msmith4 2016-11-01T11:28:54Z