Security

user addition issue

ma_anand1984
Contributor

I add users in authentication.conf. I push them to SH. The updated file resides on .../primary/..
But when i reload (which i have to do for some reason), a new copy of authentication.conf is automatically created and is placed in ../etc/system/local/

this system/local copy overrides the one in primary.

Now i have to delete this system/local copy every time i add users to see newly added users in UI.

Is there a way to avoid this step ?

Tags (3)
0 Karma
1 Solution

mwhite_splunk
Splunk Employee
Splunk Employee

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

View solution in original post

0 Karma

mwhite_splunk
Splunk Employee
Splunk Employee

Which authentication.conf are you adding users to? Are you manually adding via the auth.conf or via the Splunk Web UI? I also don't understand your reference to ../primary/..

They should be added to:

$SPLUNK_HOME/etc/system/local/authentication.conf.

The system should never overwrite anything in your:

$SPLUNK_HOME/etc/system/local/

directory as a general rule.

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...