Re: how to centralized the splunk login account?

dikaye · ‎01-17-2011

Dear Sir,

We will have two indexer servers for our account login to manage they account founctions, so how to centralized the splunk login account?

Simon · ‎02-14-2011

You could deploy your $SPLUNK_HOME/etc/passwd. I've done this over multiple indexers/search heads and even over my forwarders.

Or more easier just scp your passwd file to your boxes.

dikaye · ‎01-17-2011

Thanks for your comment, for the options 2, if I use openldap, seems splunk can't centralized manage the users account.

Actually, what I want is that two indexer servers can centralized manage the users account.

Looking forward to your reply, thanks.

southeringtonp · ‎01-17-2011

More detail on your environment and what you are trying to accomplish would be helpful. However, the following may be helpful:

In general, you may wish to consult Set up user authentication in the Splunk docs.

The options are:

Manually create an account with the same name and password on each indexer.
Use LDAP Authentication with an external account store.
Use a scripted authentication for RADIUS or to allow complete customization.
Use an external authentication source and Splunk's support for single-sign-on.

Options (1) or (2) are usually the easiest to maintain for a small number of indexers. Option (2) is particularly recommended if Active Directory or another LDAP provider is available.

how to centralized the splunk login account?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?