Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Update authentication.conf by Pushing an app From Deployer to SHC?

a1bg503461
Explorer
‎06-26-2023 12:56 AM

Hello,

I have a task with two steps 

  1. Create an app taht will increase local account password complexity from 8 chars to 18chars , push it from deployer to SHC
  2. Using REST API Calls Update local admin account password with long 18chars random generated string 

I found the file I need to update it is under : /opt/splunk/etc/system/local/authentication.conf, I can create an APP folder on deployer such as /opt/splunk/etc/shcluster/apps/EXAMPLE_PASSWORD_COMPLEXITY_APP
How do I rout that the file inside updates the file in /opt/splunk/etc/system/local/authentication.conf

And on point 2. if anyone has the API Call to update SH password for local account  I woul appreciate it .

Labels (2)
Labels
0 Karma
Reply

a1bg503461
Explorer
‎07-07-2023 07:51 AM

Sorry but we decided to take another approach using REST Api calls

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-26-2023 04:10 AM

Hi

you cannot push anything from deployer to SHC's members .../etc/system/local.

The correct way it use separate app for SHC generic configurations and put those there. Then you must remove everything what has added via GUI from .../etc/system/local/authentication.conf. You could try to clean your local changes by GUI and check if those are removed from fs. If not then the last option is stop your SHC and then remove those by hand from files one by one.

When you have SHC or actually any other SH the best practices is use e.g. AD or any SAML authentication to manage your users in any corporate environments. Then you should have this kind of policies implemented already on your master IDM system.

You could change password e.g. like this https://community.splunk.com/t5/Getting-Data-In/how-to-change-user-password-using-rest-url-without-u... Just replace localhost with your SHC REST api address.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...