Password Recovery: Why was a new passwd file not generated?

Champion

Hi,

I had to recover a password for Splunk and deleted the passwd file and then restarted Splunk, but no new passwd file is generated. I thought Splunk auto-generated this file when this happens? I am looking in /opt/splunk/etc, and permissions/space... it looks fine. Splunk is running.

0 Karma

Re: Password Recovery: Why was a new passwd file not generated?

SplunkTrust

Hi @a212830,

If you are running Splunk 7.1 the old delete $SPLUNK_HOME/etc/passwd trick does not work anymore. Read the docs http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/Secureyouradminaccount#Reset_a_lost_passw... about how to reset a lost password in Splunk 7.1

Hope this helps ...

cheers, MuS

0 Karma

Re: Password Recovery: Why was a new passwd file not generated?

Ultra Champion

Yup. 7.1 introduced a stricter password policy feature and so that ol' hack that we used to love got blocked as a means to strengthen security.

0 Karma

Re: Password Recovery: Why was a new passwd file not generated?

Champion

At 6.5.4. At a loss... opening ticket.

0 Karma

Re: Password Recovery: Why was a new passwd file not generated?

Ultra Champion

Hmm. Yea, if you delete the $SPLUNK_HOME/etc/passwd file on that version then restart it should regenerate for you (if my memory is right).

I say do it again just in case there's human error that we didn't notice.

0 Karma