
Is it possible for a Splunk admin to create users with a default password of "changeme" using the Splunk Java SDK?

remnant_8
Explorer

<customer requirement>
1. System admin of Splunk creates "testuser" and password has to be set as default (changeme)
2. testuser accesses Splunk Web (http://10.10.10.10.:8000) and then he will see "are you first login user please change your password"

<my step>

So I tried to create testuser on Splunk SDK for Java as follows:

    String username = "testuser";
    User user = service.getUsers().create(username);

But this exception occurs:

    com.splunk.HttpException http400 - in handler 'users' : the following required arguments are missing: password

Are there people who have solved this issue? Please recommend what I should do as soon as possible.

0 Karma

acharlieh
Influencer

Your error is because you need to supply a password when you create a user. (I don't see Splunk adopting a "create users with a default password of changeme" since it would likely be a bad idea if every default password on every Splunk instance was changeme... people already have been compromised by failing to change the admin user's password immediately.)

You're not going to have a force change password workflow work with the built-in Splunk users and authentication out of the box. How it works for the admin user is upon first login of the UI (I'm not even sure it has to be the 'admin' user), Splunk looks for a $SPLUNK_HOME/etc/.ui_login file. If not found, you get the prompt to change password, and this file is then created (even if you skip the page) and you're never prompted again. As this is not in a user-specific location there's no way to tell if a particular user has not logged in since password change, and prompt for setting a new password with Splunk's built-in auth mechanisms.

You may however be able to use Splunk SSO and externalized user and authentication information to get something similar to work, but I'm not sure what that would look like exactly.

0 Karma