Security

Why is a number getting appended to each line when making changes to password file in Splunk 7?

splunkIT
Splunk Employee
Splunk Employee

We’ve started testing Splunk 7 and I noticed that when I make changes to the splunk/etc/passwd file and restart splunkd, a number is getting appended to the line each time. ie.

:admin:$6$J5am*::Administrator:admin:changeme@example.com::

becomes

:admin:$6$J5am*::Administrator:admin:changeme@example.com::17954

Where is that number coming from?

0 Karma
1 Solution

svishnevskaya_s
Splunk Employee
Splunk Employee

That number 17954 is actually an internal timestamp we use for the password creation date so it’s automatically generated.
It’s used for triggering password expiration if that option is enabled by going to Settings > Access Controls > Password Policy Management > Expiration.

View solution in original post

chris_jepeway
New Member

Ahoy, @svishnevskaya_splunk! Sure could use an understanding of how the expiry number is generated. I'd like to incorporate it into some Puppet modules I'm building for our new splunk> cluster.

0 Karma

chris_jepeway
New Member

@svishnevskaya_splunk Can you explain how the number is generated? I'd like to replicate it so splunk and my configuration management system aren't fighting each other.

0 Karma

svishnevskaya_s
Splunk Employee
Splunk Employee

That number 17954 is actually an internal timestamp we use for the password creation date so it’s automatically generated.
It’s used for triggering password expiration if that option is enabled by going to Settings > Access Controls > Password Policy Management > Expiration.

chris_jepeway
New Member

So, today's number is 17998.

That's the number of days since the Unix Epoch (1 Jan 1970 00:00:00 UTC).

So, that's what I'll have my config management system stuff into the final field whenever it adds an entry to the splunk password file.

0 Karma

chris_jepeway
New Member

So...any chance of an explanation of how to generate this field so I can put this file into our configuration management system?

It's rather...inelegant that each run of puppet--say--rewrites the passwd file, only to have splunk add the expiry digits back in when reloading.

I may just add ;1, see what happens, and report back for the curious.

A definitive answer from a splunker would be much appreciated, nevertheless.

0 Karma

chris_jepeway
New Member

Err...add 1, of course.

0 Karma
Get Updates on the Splunk Community!

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...