I am trying to determine how SPLUNK passwords are stored using one way encryption. I am also trying to determine if I can change the SPLUNK complexity passwords requirements for users.
There's a setting in authentication.conf: http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Authenticationconf
passwordHashAlgorithm = [SHA512-crypt|SHA256-crypt|SHA512-crypt-<num_rounds>|SHA256-crypt-<num_rounds>|MD5-crypt]
I believe the password requirements with built-in authentication is limited to requiring a certain length (same .conf):
minPasswordLength = <positive integer>
For more sophisticated complexity requirements you should use external authentication, such as Active Directory.
View solution in original post
Best thing you can do there is SHA256-crypt-1000000 . This makes it almost impossible to guess passwords unless you have "Welcome-2016".
In our case we did not have the slow downs mentioned in the doc.