Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Clarify where pass4symmkey is used to authenticate client connections

iamjvn
Explorer
‎03-09-2018 01:29 PM

In the search heads clustering and indexer clustering, the language is such that it sounds like pass4symmkey is used only for client authentication from other search heads or indexers.

I have since seen references in forwarder, cluster master and monitor configuration.

Can someone please clarify whether pass4symmkey is actually used for all client connections to the Management/API/8089 service.

And does pass4symmkey simply compliment client-certificate for connection authentication.

thanks

Reply

strive
Influencer
‎03-09-2018 04:35 PM

Hi,

The value of pass4SymmKey (the secret key) attribute in server.conf should be same across all the Cluster instances. It authenticates the traffic between license master and its slaves, members of the cluster.

The splunk's server.conf has clear details about this key. http://docs.splunk.com/Documentation/Splunk/7.0.2/admin/Serverconf

And does pass4symmkey simply compliment client-certificate for connection authentication -- The answer is No.

Reply

damiensurat
Contributor
‎03-09-2018 02:26 PM

Hi there iamjvn. Duane Waddle gave a great overview of Splunk's various ssl options across the entire deployment. You should check it out, as I think it may help in answering your question.

https://www.duanewaddle.com/wp-content/uploads/2014/10/Splunk-SSL-Presentation.pdf
https://www.duanewaddle.com/splunk-conf-2014/

Cheers!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...