SPLK-1003 · Question #62
How can native authentication be disabled in Splunk?
The correct answer is B. Create an empty $SPLUNK_HOME/etc/passwd file. Splunk stores native (local) user credentials in the $SPLUNK_HOME/etc/passwd file. Creating an empty passwd file effectively disables native authentication because Splunk finds no credentials to validate against, forcing users to authenticate through an external provider (e.g., L
Question
How can native authentication be disabled in Splunk?
Options
- ARemove the $SPLUNK_HOME/etc/passwd file
- BCreate an empty $SPLUNK_HOME/etc/passwd file
- CSet SPLUNK_AUTHENTICATION=false in splunk-launch.conf
- DSet nativeAuthentication=false in authentication.conf
How the community answered
(51 responses)- A6% (3)
- B88% (45)
- C4% (2)
- D2% (1)
Explanation
Splunk stores native (local) user credentials in the $SPLUNK_HOME/etc/passwd file. Creating an empty passwd file effectively disables native authentication because Splunk finds no credentials to validate against, forcing users to authenticate through an external provider (e.g., LDAP or SAML). Simply removing the file (A) does not have the same controlled effect. Options C and D reference settings that do not exist in Splunk's configuration system.
Topics
Community Discussion
No community discussion yet for this question.