Security

Interesting... passwd file over rules user-seed.conf

reswob4
Builder

Not sure if this has been seen by others and it didn't turn up in my searches...

I have a 7.3.3 instance where I forgot the admin password. So I created a $SPLUNK_HOME/etc/system/local/user-seed.conf, restarted, but I couldn't log in with the password. Additionally, the user-seed.conf file was still present.

Turns out there was still a $SPLUNK_HOME/etc/passwd file (presumably from previous upgrades). I moved that to the $SPLUNK_HOME/etc/passwd.bak, restarted and then Splunk used the user-seed.conf file to reset the admin password.

Hope this helps someone else...

1 Solution

reswob4
Builder

More of a statement above than a question..

View solution in original post

0 Karma

reswob4
Builder

More of a statement above than a question..

0 Karma
Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...