Monitoring Splunk

Clarify where pass4symmkey is used to authenticate client connections

iamjvn
Explorer

In the search heads clustering and indexer clustering, the language is such that it sounds like pass4symmkey is used only for client authentication from other search heads or indexers.

I have since seen references in forwarder, cluster master and monitor configuration.

Can someone please clarify whether pass4symmkey is actually used for all client connections to the Management/API/8089 service.

And does pass4symmkey simply compliment client-certificate for connection authentication.

thanks

strive
Influencer

Hi,

The value of pass4SymmKey (the secret key) attribute in server.conf should be same across all the Cluster instances. It authenticates the traffic between license master and its slaves, members of the cluster.

The splunk's server.conf has clear details about this key. http://docs.splunk.com/Documentation/Splunk/7.0.2/admin/Serverconf

And does pass4symmkey simply compliment client-certificate for connection authentication -- The answer is No.

damiensurat
Contributor

Hi there iamjvn. Duane Waddle gave a great overview of Splunk's various ssl options across the entire deployment. You should check it out, as I think it may help in answering your question.

https://www.duanewaddle.com/wp-content/uploads/2014/10/Splunk-SSL-Presentation.pdf
https://www.duanewaddle.com/splunk-conf-2014/

Cheers!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...