Security
Highlighted

What salts the password hash?

Splunk Employee
Splunk Employee

What private key pairs are used to generate the hashed passwords in authentication.conf or the passwd file?

Tags (3)
Highlighted

Re: What salts the password hash?

Splunk Employee
Splunk Employee

In splunk up to 4.1.2, splunk password hashing is applied to both ssl cert passwords and user login passwords. The mechanism is more of a cipher than a key pair.

The secret used in this cipher is stored in $SPLUNK_HOME/etc/auth/splunk.secret. Thus your stored password datums and this file must match.


After 4.1.2, the passwd file contains a traditional one-way hash of the password string, with salt, just as you would find in a linux or openbsd system. SSL cert passwords, and ldap bind passwords are still ciphered as before.

View solution in original post