Security

Is it possible for a Splunk admin to create users with a default password of "changeme" using the Splunk Java SDK?

remnant_8
Explorer

<customer requirement>
1. System admin of Splunk creates "testuser" and password has to be set as default (changeme)
2. testuser accesses Splunk Web (http://10.10.10.10.:8000) and then he will see "are you first login user please change your password"

<my step>

So I tried to create testuser on Splunk SDK for Java as follows:

    String username = "testuser";
    User user = service.getUsers().create(username);

But this exception occurs:

    com.splunk.HttpException http400 - in handler 'users' : the following required arguments are missing: password

Are there people who have solved this issue? Please recommend what I should do as soon as possible.

0 Karma

acharlieh
Influencer

Your error is because you need to supply a password when you create a user. (I don't see Splunk adopting a "create users with a default password of changeme" since it would likely be a bad idea if every default password on every Splunk instance was changeme... people have already been compromised by failing to change the admin user's password immediately.)

You're not going to have a force change password workflow work with the built-in Splunk users and authentication out of the box. How it works for the admin user is upon first login of the UI (I'm not even sure it has to be the 'admin' user), Splunk looks for a $SPLUNK_HOME/etc/.ui_login file. If not found, you get the prompt to change password, and this file is then created (even if you skip the page) and you're never prompted again. As this is not in a user-specific location, there's no way to tell if a particular user has not logged in since password change, and prompt for setting a new password with Splunk's built-in auth mechanisms.

You may, however, be able to use Splunk SSO and externalized user and authentication information to get something similar to work, but I'm not sure what that would look like exactly.

0 Karma