Deployment Architecture

LDAP bind password left in clear text on deployer

nyajoefit22
Loves-to-Learn Lots

What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without the bind password  and then add another authentication.conf manually to each search head in system local with only the bind password in the stanza? After restart of the search head cluster I’m thinking the bind password would then be encrypted? Would this be the proper way to do this? Would appreciate any other suggestions. 

Labels (3)
0 Karma

MuS
Legend

Hi there,

we worked around this problem by having the same 'splunk.secret' file on all instances, this enables you to have encrypted passwords or secrets in your deployment apps.

Hope this helps ...

cheers, MuS

0 Karma

sanjvrdy
Engager

Hi @nyajoefit22 

Yes! you can push the authentication config from Deployer without bind password and just add the bind password under system/local and restart each search head/rolling restart of SHC. This would avoid plain text password in TA.

joeknows34
Engager

Ok so push the authentication.conf from the deployer and on each search head and create a authentication.conf in system/local without the bind password in the stanza in clear text. something like this 

[ldap_1]
bindDNpassword = abc123

then do a rolling restart on all of sh cluster and then the password should be encrypted

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...