I downloaded the SA LDAP Search and noticed that the password for the account that I use to search my domains is stored in base64. Are there any plans to make it more secure like the authentication.conf LDAP strategies? We were able to get the designers of the Cisco IPS app to pass the authentication through the app instead of storing passowrds in conf files.
Hi, we switched to Splunk's internal password storage mechanism in 2014 (version 2.0).
There are definitely more secure ways of storing passwords, which they should be using. in the meantime, here's how to "securely" (at least on your own box, not through some internet service) base64 your password:
$ ./bin/splunk cmd python >>> import base64 >>> base64.b64encode('enterMyPWhere') 'base64encpwhere=='
Don't forget to leave off the quotes when pasting back in to the conf file!
Also, If I enter a password in as base 64, it does not work, but if I do it in plaintext, it does. Thanks for the assistance!