I know that we can disable password change for all Splunk users by running the following command on the Search Head:
touch $SPLUNK_HOME/etc/.ui_login
However, I'd like to disable password change via Splunk Web for only one user. Is this possible?
You would probably have to create a custom role on the search head for the user and create that role without the change_own_password capability.
You would probably have to create a custom role on the search head for the user and create that role without the change_own_password capability.