- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Admin Passwords Across Clusters
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jaxjohnny2000,
Admin password doesn't have to be the same accross all hosts and I would also say shouldnt be.
Only pass4SymmKeyshould be the same for your cluster config but even that key can be different for different components (SH cluster can use a key that is different from your IDX cluster).
Most clients configure centralized authentication (LDAP based for example) and would use real user credentials while giving the admin user a complex password. This password is then stored somewhere safe and isnt used in day to day configs; only for intial setup.
So to keep it short same admin password everywhere is for lazy people and is not secure, best not share the same one.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you. That was also my assumption, but getting it in answers was my goal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jaxjohnny2000,
Admin password doesn't have to be the same accross all hosts and I would also say shouldnt be.
Only pass4SymmKeyshould be the same for your cluster config but even that key can be different for different components (SH cluster can use a key that is different from your IDX cluster).
Most clients configure centralized authentication (LDAP based for example) and would use real user credentials while giving the admin user a complex password. This password is then stored somewhere safe and isnt used in day to day configs; only for intial setup.
So to keep it short same admin password everywhere is for lazy people and is not secure, best not share the same one.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The question was
does the admin password need to be the
same for each component in the Search
Head or Index Cluster
So while the above answer above is semi-correct, it doesn't need to be the same across all hosts from the perspective that forwarder admin passwords can be different from each other and the search heads. The admin passwords across the search heads in any given search head cluster do need to be the same since the cluster will synchronize the passwords of local accounts.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jaxjohnny - No it does not need to be same. The pass4symmkey for cluster would be one .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jaxjohnny2000, more about pass4symmkey at Secure your clusters with pass4SymmKey
And to be clear it says there -
pass4SymmKey controls authentication between Splunk instances and does not manage user access.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
