Password Recovery: Why was a new passwd file not g...

a212830 · ‎08-29-2018

Hi,

I had to recover a password for Splunk and deleted the passwd file and then restarted Splunk but no new passwd file is generated. I thought Splunk auto-generated this file when this happens? I am looking in /opt/splunk/etc, and permissions/space... it lookas fine. Splunk is running.

MuS · ‎08-29-2018

Hi @a212830,

If you are running Splunk 7.1 the old delete $SPLUNK_HOME/etc/passwd trick does not work anymore. Read the docs http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/Secureyouradminaccount#Reset_a_lost_passw... about how to reset a lost password in Splunk 7.1

Hope this helps ...

cheers, MuS

sloshburch · ‎08-30-2018

Yup. 7.1 introduced a stricter password policy feature and so that ol' hack that we used to love got blocked as a means to strengthen security.

a212830 · ‎08-30-2018

At 6.5.4. At a loss... opening ticket.

sloshburch · ‎08-31-2018

Hmm. Yea, if you delete the $SPLUNK_HOME/etc/passwd file on that version then restart it should regenerate for you (if my memory is right).

I say do it again just in case there's human error that we didn't notice.

Password Recovery: Why was a new passwd file not generated?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Password Recovery: Why was a new passwd file not generated?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...