
Can the PASSWORD within user-seed.conf be hashed rather than in clear text?

chris_barrett
SplunkTrust

Can the PASSWORD in the user-seed.conf file be a hashed representation, or does it need to be specified in the clear?

1 Solution

chris_barrett
SplunkTrust

Answering my own question here ... The ability to specify a hashed password was added in Splunk 7.1.0.

Ref: http://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/User-seedconf


0 Karma

acharlieh
Influencer

Trying it out on 6.5.3 on Mac, I took the hash of the password I had from the passwd file, set it into user-seed.conf, removed the passwd file, and restarted... The user was then created with the password not as the previous password, but as the hash itself. As a result, it seems this is a specified-in-the-clear sort of thing...

Unless someone finds an undocumented option to do otherwise, but thought I would share the attempt.

EDIT: Although it occurs to me, if you already have the hashed version of the password for the admin account... you probably could just drop the generated $SPLUNK_HOME/etc/passwd file everywhere (and touch $SPLUNK_HOME/etc/.ui_login while you're at it...)
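
An added example, not part of the original posts and not Splunk's own tooling: a shell helper that writes a seed file carrying only a password hash, and refuses on releases older than the 7.1.0 cited in the accepted answer or when handed something that is not a hash. The function names are hypothetical; it assumes the `[user_info]` stanza and `HASHED_PASSWORD` key of user-seed.conf in 7.1.0 and later, and a hash generated beforehand (for example with `splunk hash-passwd`).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes the [user_info] stanza and HASHED_PASSWORD key of user-seed.conf
# (7.1.0+), and a hash produced beforehand, e.g. with `splunk hash-passwd`.

# True for 7.1.0 and later, the release the accepted answer cites.
version_supports_hash() {
    case "$1" in *.*) ;; *) return 1 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    for part in "$major" "$minor"; do
        case "$part" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 1 ]; }
}

# True for crypt-style strings of the form $<id>$<salt>$<digest>.
looks_like_crypt_hash() {
    case "$1" in
        '$'[0-9a-z]*'$'?*'$'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# write_user_seed <dest> <username> <hash> <splunk_version>
# Typical dest: $SPLUNK_HOME/etc/system/local/user-seed.conf
write_user_seed() {
    dest=$1; user=$2; pwhash=$3; version=$4
    # Hashed seeding was added in 7.1.0 per the accepted answer, so refuse
    # on anything older.
    if ! version_supports_hash "$version"; then
        echo "refusing: Splunk $version predates hashed seeding (7.1.0)" >&2
        return 2
    fi
    # Guard against a clear-text password being passed by mistake.
    if ! looks_like_crypt_hash "$pwhash"; then
        echo "refusing: value is not a crypt-style hash" >&2
        return 3
    fi
    # The seed file is a credential artefact: keep it owner-only.
    ( umask 077
      printf '[user_info]\nUSERNAME = %s\nHASHED_PASSWORD = %s\n' \
          "$user" "$pwhash" > "$dest" &&
      chmod 600 "$dest" )
}
```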
