Security

Is it possible for a Splunk admin to create users with a default password of "changeme" using the Splunk Java SDK?

remnant_8
Explorer

<customer requirement>
1. System admin of Splunk creates "testuser" and password has to be set as default (changeme)
2. testuser accesses Splunk Web (http://10.10.10.10.:8000) and then he will see "are you first login user please change your password"

<my step>

So I tried to create testuser on Splunk SDK for Java as follows:

    String username = "testuser";
    User user = service.getUsers().create(username);

But this exception occurs:

    com.splunk.HttpException http400 - in handler 'users' : the following required arguments are missing: password

Are there people who have solved this issue? Please recommend what I should do as soon as possible.

0 Karma

acharlieh
Influencer

Your error occurs because you need to supply a password when you create a user. (I don't see Splunk adopting a "create users with a default password of changeme" since it would likely be a bad idea if every default password on every Splunk instance was changeme... people already have been compromised by failing to change the admin user's password immediately.)

You're not going to have a force change password workflow work with the built-in Splunk users and authentication out of the box. How it works for the admin user is upon first login of the UI (I'm not even sure it has to be the 'admin' user), Splunk looks for a $SPLUNK_HOME/etc/.ui_login file. If not found, you get the prompt to change password, and this file is then created (even if you skip the page) and you're never prompted again. As this is not in a user-specific location, there's no way to tell if a particular user has not logged in since password change, and prompt for setting a new password with Splunk's built-in auth mechanisms.

You may, however, be able to use Splunk SSO and externalized user and authentication information to get something similar to work, but I'm not sure what that would look like exactly.

0 Karma
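Added example, not part of the original posts: creating the user through the Splunk SDK for Java with the password argument that the HTTP 400 says is missing, using a random per-user initial password instead of a shared "changeme". The host name, the `SPLUNK_ADMIN_PASSWORD` environment variable, the `randomPassword` helper and the choice of the built-in `user` role are assumptions made for illustration.

```java
import com.splunk.Service;
import com.splunk.ServiceArgs;
import com.splunk.User;
import java.security.SecureRandom;

public class CreateSplunkUser {
    // Alphabet without look-alike characters (0/O, 1/l/I) so the value can be typed once.
    private static final String ALPHABET =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    private static final SecureRandom RNG = new SecureRandom();

    // Hypothetical helper: a unique initial password per account, so no two
    // accounts (and no two Splunk instances) ever share a known default.
    static String randomPassword(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        ServiceArgs loginArgs = new ServiceArgs();
        loginArgs.setHost("splunk.example.internal"); // placeholder host (assumption)
        loginArgs.setPort(8089);                      // default management port
        loginArgs.setUsername("admin");
        // Admin credential read from the environment (assumed variable name),
        // not hard-coded in source.
        loginArgs.setPassword(System.getenv("SPLUNK_ADMIN_PASSWORD"));
        Service service = Service.connect(loginArgs);

        String username = "testuser";
        String initialPassword = randomPassword(20);

        // create(username) alone sends no password and yields the HTTP 400 above;
        // the three-argument overload supplies the password and a role.
        User user = service.getUsers().create(username, initialPassword, "user");

        // Hand initialPassword to the user through your own out-of-band channel
        // (not shown); it is deliberately not printed or logged here.
        System.out.println("Created user: " + user.getName());
    }
}
```

If the instance enforces a password complexity policy, adjust the alphabet and length to satisfy it.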