Since we have LDAP in place and audit restrictions, I have disabled the system account by backing up passwd to passwd.off and creating an empty passwd file. Unfortunately, this presents the "First time logging in? Splunk's default credentials are" message when navigating to splunk's log in page.
Any ideas on how to disable that message while still having the system account disabled?
Looks like this might be it: http://answers.splunk.com/answers/102966/how-can-i-disable-password-change-request-at-first-time-log...
touch ${SPLUNK_HOME}/etc/.ui_login
Looks like this might be it: http://answers.splunk.com/answers/102966/how-can-i-disable-password-change-request-at-first-time-log...
touch ${SPLUNK_HOME}/etc/.ui_login
Shortest and best answer all these years later.
Yea, that solved it.