Hello,
I am trying to setup a rc script on our indexer so that Splunk does 'splunk offline' whenever the indexer is being shutdown or rebooted.
Issue is, when 'splunk offline' is issued, it is prompting for username and password. I know I can provide -auth admin:password
, but then I end up hard coding that in my rc script. Is there some other way?
Thanks,
Simon Mandy
Hi,
A good practice is to share the same secret key in your Splunk environment.
Then you can encrypt / decrypt hash password using the secret key.
In your script development, you can just load the hash password value from a config file of your own, or even store it in splunk-launch.conf, then undecrypt its value in the script and finally launch your command
are you referring to pass4SymmKey under [general] in server.conf? I do have this setup as same across servers.
Now how do i perform encrypt and decrypt in my shell script? using openssl ?
Can you give me an example please?
Sure:
To encrypt a password:
echo -n "myclearpassword" |openssl bf -e -a -pass file:/opt/splunk/etc/auth/splunk.secret
To decrypt:
echo "myhashed_password" | openssl enc -base64 -d | openssl bf -d -pass file:/opt/splunk/etc/auth/splunk.secret
Regards,
Guilhem
There used to be a hack that worked but it was a bug and Splunk fixed it. I know of no way to access splunk's "passworded" capabilities without giving a password. I would look at setting up an account that does not auto-logoff and then see if you can federate Splunk with Single-Sign-On. That way you can sign on once, and never sign out and keep using this user.