Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Update authentication.conf by Pushing an app From Deployer to SHC?

a1bg503461
Explorer
‎06-26-2023 12:56 AM

Hello,

I have a task with two steps 

  1. Create an app taht will increase local account password complexity from 8 chars to 18chars , push it from deployer to SHC
  2. Using REST API Calls Update local admin account password with long 18chars random generated string 

I found the file I need to update it is under : /opt/splunk/etc/system/local/authentication.conf, I can create an APP folder on deployer such as /opt/splunk/etc/shcluster/apps/EXAMPLE_PASSWORD_COMPLEXITY_APP
How do I rout that the file inside updates the file in /opt/splunk/etc/system/local/authentication.conf

And on point 2. if anyone has the API Call to update SH password for local account  I woul appreciate it .

Labels (2)
Labels
0 Karma
Reply

a1bg503461
Explorer
‎07-07-2023 07:51 AM

Sorry but we decided to take another approach using REST Api calls

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-26-2023 04:10 AM

Hi

you cannot push anything from deployer to SHC's members .../etc/system/local.

The correct way it use separate app for SHC generic configurations and put those there. Then you must remove everything what has added via GUI from .../etc/system/local/authentication.conf. You could try to clean your local changes by GUI and check if those are removed from fs. If not then the last option is stop your SHC and then remove those by hand from files one by one.

When you have SHC or actually any other SH the best practices is use e.g. AD or any SAML authentication to manage your users in any corporate environments. Then you should have this kind of policies implemented already on your master IDM system.

You could change password e.g. like this https://community.splunk.com/t5/Getting-Data-In/how-to-change-user-password-using-rest-url-without-u... Just replace localhost with your SHC REST api address.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...