Security

user addition issue

ma_anand1984
Contributor

I add users in authentication.conf. I push them to SH. The updated file resides on .../primary/..
But when i reload (which i have to do for some reason), a new copy of authentication.conf is automatically created and is placed in ../etc/system/local/

this system/local copy overrides the one in primary.

Now i have to delete this system/local copy every time i add users to see newly added users in UI.

Is there a way to avoid this step ?

Tags (3)
0 Karma
1 Solution

mwhite_splunk
Splunk Employee
Splunk Employee

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

View solution in original post

0 Karma

mwhite_splunk
Splunk Employee
Splunk Employee

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...