https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404314#M116957 <P>Thank you. That was also my assumption, but getting it in answers was my goal. </P> Wed, 05 Jun 2019 11:08:54 GMT jaxjohnny2000 2019-06-05T11:08:54Z https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404310#M116953 <P>Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster? </P> Tue, 04 Jun 2019 17:49:46 GMT https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404310#M116953 jaxjohnny2000 2019-06-04T17:49:46Z https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404311#M116954 <P>@jaxjohnny - No it does not need to be same. The pass4symmkey for cluster would be one .</P> Tue, 04 Jun 2019 19:11:44 GMT https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404311#M116954 Vijeta 2019-06-04T19:11:44Z https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404312#M116955 <P>@jaxjohnny2000, more about <CODE>pass4symmkey</CODE> at <A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/Aboutsecuringclusters">Secure your clusters with pass4SymmKey</A></P> <P>And to be clear it says there - </P> <P><CODE>pass4SymmKey</CODE> controls authentication between Splunk instances and does not manage user access.</P> Tue, 04 Jun 2019 19:52:04 GMT https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404312#M116955 ddrillic 2019-06-04T19:52:04Z https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404313#M116956 <P>Hi @jaxjohnny2000,</P> <P>Admin password doesn't have to be the same accross all hosts and I would also say <STRONG>shouldnt be</STRONG>. </P> <P>Only <CODE>pass4SymmKey</CODE>should be the same for your cluster config but even that key can be different for different components (SH cluster can use a key that is different from your IDX cluster).</P> <P>Most clients configure centralized authentication (LDAP based for example) and would use real user credentials while giving the admin user a complex password. This password is then stored somewhere safe and isnt used in day to day configs; only for intial setup.</P> <P>So to keep it short same admin password everywhere is for lazy people and is not secure, best not share the same one.</P> <P>Cheers,<BR /> David</P> Wed, 05 Jun 2019 04:15:38 GMT https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404313#M116956 DavidHourani 2019-06-05T04:15:38Z https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404314#M116957 <P>Thank you. That was also my assumption, but getting it in answers was my goal. </P> Wed, 05 Jun 2019 11:08:54 GMT https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404314#M116957 jaxjohnny2000 2019-06-05T11:08:54Z https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404315#M116958 <P>The question was </P> <BLOCKQUOTE> <P>does the admin password need to be the<BR /> same for each component in the Search<BR /> Head or Index Cluster</P> </BLOCKQUOTE> <P>So while the above answer above is semi-correct, it doesn't need to be the same across all hosts from the perspective that forwarder admin passwords can be different from each other and the search heads. The admin passwords across the search heads in any given search head cluster do need to be the same since the cluster will synchronize the passwords of local accounts.</P> Wed, 04 Sep 2019 17:14:56 GMT https://community.splunk.com/t5/Splunk-Search/Admin-Passwords-Across-Clusters/m-p/404315#M116958 triest 2019-09-04T17:14:56Z