Re: splunk edit user admin clears admin password i...

wsanderstii · ‎05-03-2017

I found this answer about changing the admin password in splunk (I am using splunkforwarder 4.5.2 actually):

https://answers.splunk.com/answers/9465/admin-password-on-command-line.html

After I issue the command " ./splunk edit user admin -password foo -role admin -auth admin:changeme" this seems to actually clear the password instead of resetting it. In other words, even after I log out of the host and log back in, I am no longer prompted for a username and password.

Is this supposed to happen?

It doesn't bother me too much because only root has permission to run the splunk command line tool anyway. And the password change does take effect on the Atom server on port 8089.

w

wsanderstii · ‎05-04-2017

Splunk is not actually clearing the password - the " ./splunk edit user admin -password foo -role admin -auth admin:changeme" is only for use when the password is the default post-install "admin/changeme". When the command is run, the " -auth admin:changeme" parameters authenticate the user, and the authentication is cached for a period of time. At the same time, the command changes the password and updates the $SPLUNK_HOME/etc/passwd file.

DalJeanis · ‎05-04-2017

Interesting. so, the authentication is persistent for a period, thus not requiring the new password be entered?

splunk edit user admin clears admin password instead of changing it

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation