Solved: How do we change an user password from command lin...

mlevsh · ‎02-21-2017

For security reasons, we need an user to change Splunk user's password so it won't be visible to other people. And we need to do it from a command line only. What's the command to change splunk password without using a new password as a -password parameter?

woodcock · ‎02-21-2017

You can make sure that your Splunk nodes have the same shared secret and you can copy a user from $SPLUNK_HOME/etc/passwd from one system to another and this sets it to that known password. Alternatively, you could make use of passwords.conf (this is from $SPLUNK_HOME/etc/system/README/passwords.conf*😞

#   Version 6.5.1
#
# The following are example passwords.conf configurations. Configure properties for
# your custom application.
#
# There is NO DEFAULT passwords.conf. The file only gets created once you add/edit
# a credential information via the storage endpoint as follows.
#
# The POST request to add user1 credentials to the storage/password endpoint
# curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/search/storage/passwords -d name=user1 -d password=changeme2
#
# The GET request to list all the credentials stored at the storage/passwords endpoint
# curl -k -u admin:changeme https://localhost:8089/services/storage/passwords
#
# To use one or more of these configurations, copy the configuration block into
# passwords.conf in $SPLUNK_HOME/etc/<apps>/local/. You must restart Splunk to
# enable configurations.
#
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles    
#

[credential::testuser:]
password = changeme

View solution in original post

woodcock · ‎02-21-2017

You can make sure that your Splunk nodes have the same shared secret and you can copy a user from $SPLUNK_HOME/etc/passwd from one system to another and this sets it to that known password. Alternatively, you could make use of passwords.conf (this is from $SPLUNK_HOME/etc/system/README/passwords.conf*😞

#   Version 6.5.1
#
# The following are example passwords.conf configurations. Configure properties for
# your custom application.
#
# There is NO DEFAULT passwords.conf. The file only gets created once you add/edit
# a credential information via the storage endpoint as follows.
#
# The POST request to add user1 credentials to the storage/password endpoint
# curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/search/storage/passwords -d name=user1 -d password=changeme2
#
# The GET request to list all the credentials stored at the storage/passwords endpoint
# curl -k -u admin:changeme https://localhost:8089/services/storage/passwords
#
# To use one or more of these configurations, copy the configuration block into
# passwords.conf in $SPLUNK_HOME/etc/<apps>/local/. You must restart Splunk to
# enable configurations.
#
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles    
#

[credential::testuser:]
password = changeme

mlevsh · ‎02-22-2017

@woodcock, thank you for your suggestions! Tested copying of $SPLUNK_HOME/etc/passwd file to another server, restarted splunk and it worked.

woodcock · ‎02-22-2017

Excellent! Be sure to click Accept to close the question.

How do we change an user password from command line with user entering password?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!