Authentication Configuration
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Authentication Configuration
These parameters configure your authentication scheme, either LDAP or the default Splunk Authentication.
Filename
- auth.conf (within any subdirectory of $SPLUNK_HOME/etc/bundles/)
Format
[<spec>] attribute1 = val1 attribute2 = val2 ...
Selecting an Authentication Scheme
[auth]
authType = Splunk
This sets the authentication to use, either "Splunk" or "LDAP". For Splunk Authentication, no further configuration is needed.
For more on LDAP, see the comments in the auth.conf.spec file for details. LDAP should be configured by an experienced administrator, as an incorrect configuration is likely to leave Splunk inaccessible.
Some important considerations:
The failsafe login is used when LDAP is unavailable. When you enter the plaintext failsafe password in auth.conf, the next time Splunk starts it will replace it with the encrypted password. Also, distributed live splunks uses the failsafe password because it does not have access to user credentials from LDAP.
You can configure and enable LDAP from the web interface as well. Note that when you switch authentication systems from the GUI, any users currently logged in will be logged out.
Error messages go to $SPLUNK_HOME/var/log/splunk/splunkd.log.
This documentation applies to the following versions of Splunk: 2.2 , 2.2.1 , 2.2.3 , 2.2.6 View the Article History for its revisions.