I've seen http://answers.splunk.com/questions/345/does-splunk-play-nice-with-puppet and there is a Puppet manifest in the answer but the manifest doesn't address some of the entries in it.

The question is: What is the purpose of the files in $SPLUNK_HOME/etc/auth? Many of them are explained by http://www.splunk.com/base/Documentation/latest/admin/Secureaccesstoyoursplunkserverwithssl but some are still not explained.

On a new Splunk 4.1.5 installation that was turned into a light forwarder I have these files in $SPLUNK_HOME/etc/auth

.:
total 36
drwx--x--x 2 root   root   4096 Oct 14 14:18 audit
-r--r--r-- 1 splunk splunk  912 Sep  4 05:53 cacert.pem
-r--r--r-- 1 splunk splunk 1875 Sep  4 05:53 ca.pem
-rw------- 1 root   root     17 Oct 14 14:30 ca.srl
drwx--x--x 2 root   root   4096 Oct 14 14:18 distServerKeys
-rw------- 1 root   root    951 Oct 14 14:30 privkeySecure.pem
-rw------- 1 root   root    595 Oct 14 14:30 req.pem
-rw------- 1 root   root   2689 Oct 14 14:30 server.pem
-r-------- 1 root   root    255 Oct 14 14:30 splunk.secret

./audit:
total 8
-rw------- 1 root root 887 Oct 14 14:18 private.pem
-rw------- 1 root root 272 Oct 14 14:18 public.pem

./distServerKeys:
total 8
-rw------- 1 root root 887 Oct 14 14:18 private.pem
-rw------- 1 root root 272 Oct 14 14:18 trusted.pem

What is the function of each file listed and which of them can (and should) be omitted from a forwarder?