Ok. Thanks for the follow-up/information.

I have created the file user-seed.conf file in $SPLUNK_HOME/etc/system/local as 

pre installation instruction.

The user-seed.conf file is only used the first time the Splunk UF starts, and is automatically deleted.

(from what I read in the installation instruction)

In my case every time I run for example splunk list monitor or splunk list guid I still see:

Your session is invalid. Please login.

Splunk username:

If I  type admin as login and the admin passwd I am getting the GUID info however in other servers/in other installation that I did in the past I did not have this issue.

I am trying to see why in this specific case I ha/opt/splunkforwarder/etcve this problem.

I tried to remove the file:  /opt/splunkforwarder/etc/passwd and I restarted splunkd process

but still is  asking me the same "credential message".

Please any suggestion will be great. Thanks.

I'm not understanding the problem.  What's wrong with needing to sign in to the forwarder before a command will work?  Credentials usually are cached so you don't have to re-enter them with every command, but the cache is cleared when the UF restarts.

Deleting the etc/passwd file removes all credentials so you no longer will be able to authenticate.  Unlike older versions of Splunk, there are no default credentials created when the passwd file is removed.