Archive

Puppet'ising configuration files but stuck on password hashes.

hamiltonb
New Member

I am trying to have Puppet automate the deployment of Splunk in my environment(s), however I do not know the password hashing algorithm Splunk uses (as of Splunk Enterprise v6.2.2) to dynamically add hashes directly to configuration files.

Does anyone know the algorithm?

I've tried using openssl and guessing the hash, e.g. SHA1/256/512, MD5, but the output is not the same since the strings are alphanumeric whereas the hashes in the Splunk configuration files are a mix of alpha and non-alphanumeric characters.

0 Karma

yannK
Splunk Employee
Splunk Employee

One of the method to resolve the issue is to get the password hashed the same way on each instance.
To achieve this, you need to unify your splunk.secret key (in $SPLUNK_HOME/etc/auth/splunk.secret. )

Then when you prepare your config on a separate server that has the same splunk.secret , you restart splunk to apply them, and get the password encrypted in the local folders. Then you can push this pre-hashed file that all the other servers will be able to read.

see http://docs.splunk.com/Documentation/Splunk/latest/Security/Deploysecurepasswordsacrossmultipleserve...

Preferably before you start splunk the first time.
Or if you do change it afterward, you will have to clear some files to have them being rehashed.
in $SPLUNK_HOME/etc/passwd $SPLUNK_HOME/etc/system/local/server.conf
and optionally authentication.conf, outputs.conf, inputs.conf, and other special apps passwords fields.

0 Karma

tragiccode
New Member

i'm having this same issue. anyone from splunk know?

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!