nerdexam
Splunk

SPLK-1003 · Question #62

How can native authentication be disabled in Splunk?

The correct answer is B. Create an empty $SPLUNK_HOME/etc/passwd file. Splunk stores native (local) user credentials in the $SPLUNK_HOME/etc/passwd file. Creating an empty passwd file effectively disables native authentication because Splunk finds no credentials to validate against, forcing users to authenticate through an external provider (e.g., L

Users and Roles

Question

How can native authentication be disabled in Splunk?

Options

  • ARemove the $SPLUNK_HOME/etc/passwd file
  • BCreate an empty $SPLUNK_HOME/etc/passwd file
  • CSet SPLUNK_AUTHENTICATION=false in splunk-launch.conf
  • DSet nativeAuthentication=false in authentication.conf

How the community answered

(51 responses)
  • A
    6% (3)
  • B
    88% (45)
  • C
    4% (2)
  • D
    2% (1)

Explanation

Splunk stores native (local) user credentials in the $SPLUNK_HOME/etc/passwd file. Creating an empty passwd file effectively disables native authentication because Splunk finds no credentials to validate against, forcing users to authenticate through an external provider (e.g., LDAP or SAML). Simply removing the file (A) does not have the same controlled effect. Options C and D reference settings that do not exist in Splunk's configuration system.

Topics

#Authentication#Security#User Management#Configuration Files

Community Discussion

No community discussion yet for this question.

Full SPLK-1003 Practice