Security

Password Recovery: Why was a new passwd file not generated?

Champion

Hi,

I had to recover a password for Splunk and deleted the passwd file and then restarted Splunk, but no new passwd file is generated. I thought Splunk auto-generated this file when this happens? I am looking in /opt/splunk/etc, and permissions/space... it looks fine. Splunk is running.

0 Karma

SplunkTrust

Hi @a212830,

If you are running Splunk 7.1, the old delete $SPLUNK_HOME/etc/passwd trick does not work anymore. Read the docs http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/Secureyouradminaccount#Reset_a_lost_passw... about how to reset a lost password in Splunk 7.1.

Hope this helps ...

cheers, MuS

0 Karma

Ultra Champion

Yup. 7.1 introduced a stricter password policy feature and so that ol' hack that we used to love got blocked as a means to strengthen security.

0 Karma

Champion

At 6.5.4. At a loss... opening ticket.

0 Karma

Ultra Champion

Hmm. Yeah, if you delete the $SPLUNK_HOME/etc/passwd file on that version and then restart, it should regenerate for you (if my memory is right).

I say do it again just in case there's human error that we didn't notice.

0 Karma