Security
Highlighted

Native Password Complexity in Splunk

Contributor

Is there anyway to enforce password complexity using Splunk's native user/password authentication?

Specifically I am looking for:

  1. First time user logs in, they must change their password in Splunk's user screen
  2. Password must follow a minimum defined complexity (e.g. uppercase, lowercase, numbers, special chars and a certain length)
  3. After x months, user must change their password again

I realise that it can be done through SSO, LDAP integration etc. but I am looking for something within Splunk itself (or perhaps some kind of script) as none of these other mechanisms are an option for us right now.

Tags (1)
Highlighted

Re: Native Password Complexity in Splunk

Splunk Employee
Splunk Employee

At this time, we don't have plans to implement this kind of improvement in the native Splunk authentication mechanism. The best practice is to use LDAP authentication with Splunk.

I know you mentioned that LDAP is not an option, but it isn't that hard to set up and maintain OpenLDAP.

View solution in original post

Highlighted

Re: Native Password Complexity in Splunk

Path Finder

Hi, i saw this is an old post but the question is the same, now in the new versions of Splunk is there an way to do this? or is in the path to do it?

0 Karma
Highlighted

Re: Native Password Complexity in Splunk

Splunk Employee
Splunk Employee
0 Karma