Security

Interesting... passwd file over rules user-seed.conf

reswob4
Builder

Not sure if this has been seen by others and it didn't turn up in my searches...

I have a 7.3.3 instance where I forgot the admin password. So I created a $SPLUNK_HOME/etc/system/local/user-seed.conf, restarted, but I couldn't log in with the password. Additionally, the user-seed.conf file was still present.

Turns out there was still a $SPLUNK_HOME/etc/passwd file (presumably from previous upgrades). I moved that to the $SPLUNK_HOME/etc/passwd.bak, restarted and then Splunk used the user-seed.conf file to reset the admin password.

Hope this helps someone else...

1 Solution

reswob4
Builder

More of a statement above than a question..

View solution in original post

0 Karma

reswob4
Builder

More of a statement above than a question..

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...