We’ve started testing Splunk 7 and I noticed that when I make changes to the splunk/etc/passwd file and restart splunkd, a number is getting appended to the line each time. ie.
:admin:$6$J5am*::Administrator:admin:changeme@example.com::
becomes
:admin:$6$J5am*::Administrator:admin:changeme@example.com::17954
Where is that number coming from?
That number 17954 is actually an internal timestamp we use for the password creation date so it’s automatically generated.
It’s used for triggering password expiration if that option is enabled by going to Settings > Access Controls > Password Policy Management > Expiration.
Ahoy, @svishnevskaya_splunk! Sure could use an understanding of how the expiry number is generated. I'd like to incorporate it into some Puppet modules I'm building for our new splunk> cluster.
@svishnevskaya_splunk Can you explain how the number is generated? I'd like to replicate it so splunk and my configuration management system aren't fighting each other.
That number 17954 is actually an internal timestamp we use for the password creation date so it’s automatically generated.
It’s used for triggering password expiration if that option is enabled by going to Settings > Access Controls > Password Policy Management > Expiration.
So, today's number is 17998.
That's the number of days since the Unix Epoch (1 Jan 1970 00:00:00 UTC).
So, that's what I'll have my config management system stuff into the final field whenever it adds an entry to the splunk password file.
So...any chance of an explanation of how to generate this field so I can put this file into our configuration management system?
It's rather...inelegant that each run of puppet--say--rewrites the passwd
file, only to have splunk add the expiry digits back in when reloading.
I may just add ;1
, see what happens, and report back for the curious.
A definitive answer from a splunker would be much appreciated, nevertheless.
Err...add 1
, of course.