Security

user addition issue

ma_anand1984
Contributor

I add users in authentication.conf. I push them to SH. The updated file resides on .../primary/..
But when i reload (which i have to do for some reason), a new copy of authentication.conf is automatically created and is placed in ../etc/system/local/

this system/local copy overrides the one in primary.

Now i have to delete this system/local copy every time i add users to see newly added users in UI.

Is there a way to avoid this step ?

Tags (3)
0 Karma
1 Solution

mwhite_splunk
Splunk Employee
Splunk Employee

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

View solution in original post

0 Karma

mwhite_splunk
Splunk Employee
Splunk Employee

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

0 Karma
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...