What is the full mechanism of the local Splunk authentication? What hashing algorithm does it use? Does it use a salt? Where does it keep this information? etc.
Splunk uses the standard UNIX password file format also found in /etc/passwd and /etc/shadow on most UNIX systems, using crypt() with MD5 as hashing algorithm for storing hashes of salted passwords. You can have a look at the password file yourself (if you have the appropriate access of course), it is stored in $SPLUNK_HOME/etc/passwd.