Admin Passwords Across Clusters

jaxjohnny2000
Builder

Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster?

0 Karma
1 Solution

DavidHourani
Super Champion

Hi @jaxjohnny2000,

Admin password doesn't have to be the same across all hosts and I would also say shouldn't be.

Only pass4SymmKey should be the same for your cluster config, but even that key can be different for different components (SH cluster can use a key that is different from your IDX cluster).

Most clients configure centralized authentication (LDAP based for example) and would use real user credentials while giving the admin user a complex password. This password is then stored somewhere safe and isn't used in day-to-day configs; only for initial setup.

So, to keep it short, same admin password everywhere is for lazy people and is not secure; best not share the same one.

Cheers,
David


jaxjohnny2000
Builder

Thank you. That was also my assumption, but getting it in answers was my goal.

0 Karma

triest
Communicator

The question was

does the admin password need to be the same for each component in the Search Head or Index Cluster

So while the above answer is semi-correct, it doesn't need to be the same across all hosts from the perspective that forwarder admin passwords can be different from each other and the search heads. The admin passwords across the search heads in any given search head cluster do need to be the same since the cluster will synchronize the passwords of local accounts.

0 Karma

Vijeta
Influencer

@jaxjohnny - No, it does not need to be the same. The pass4SymmKey for the cluster would be one.

0 Karma

ddrillic
Ultra Champion

@jaxjohnny2000, more about pass4symmkey at Secure your clusters with pass4SymmKey

And to be clear it says there -

pass4SymmKey controls authentication between Splunk instances and does not manage user access.

0 Karma
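
The answers above say pass4SymmKey must match within a cluster but may differ between the search head cluster and the indexer cluster. The following check is an added example, not code from this thread or from Splunk. It assumes one indexer cluster and one search head cluster, plaintext values as they appear in pre-deployment server.conf templates, and the `[clustering]` and `[shclustering]` stanzas of server.conf; host names and key values are constructed.

```python
import configparser
from collections import defaultdict

# Constructed sample input: pre-deployment server.conf text per host.
SAMPLE_CONFS = {
    "idx1": "[clustering]\npass4SymmKey = idx-key-A\n",
    "idx2": "[clustering]\npass4SymmKey = idx-key-A\n",
    "idx3": "[clustering]\npass4SymmKey = idx-key-B\n",  # drifted peer
    "sh1": "[clustering]\npass4SymmKey = idx-key-A\n"
           "[shclustering]\npass4SymmKey = shc-key-Z\n",
    "sh2": "[clustering]\npass4SymmKey = idx-key-A\n"
           "[shclustering]\npass4SymmKey = idx-key-A\n",  # wrong key pasted
}

STANZAS = ("clustering", "shclustering")

def read_keys(conf_text):
    """Return {stanza: pass4SymmKey} for the cluster stanzas present."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the setting name case-sensitive
    cp.read_string(conf_text)
    return {s: cp.get(s, "pass4SymmKey") for s in STANZAS
            if cp.has_option(s, "pass4SymmKey")}

def audit(confs):
    """Return findings that name hosts only, never the key values."""
    groups = {s: defaultdict(list) for s in STANZAS}
    for host, text in sorted(confs.items()):
        for stanza, key in read_keys(text).items():
            groups[stanza][key].append(host)
    findings = []
    for stanza in STANZAS:
        if len(groups[stanza]) > 1:
            # Members of one cluster must agree on the key.
            findings.append(("mismatch", stanza,
                             sorted(groups[stanza].values())))
    for key in sorted(set(groups["clustering"]) & set(groups["shclustering"])):
        # Informational: the two clusters can use separate keys.
        findings.append(("shared_across_clusters", "shclustering",
                         groups["shclustering"][key]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFS):
        print(finding)
```
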