How can native authentication be disabled in Splunk?
How can native authentication be disabled in Splunk?
To disable native authentication in Splunk, you need to create an empty $SPLUNK_HOME/etc/passwd file. This effectively disables Splunk's native authentication mechanism, allowing you to use external authentication providers such as LDAP or SAML for user authentication.
B. A blank passwd file disables native authentication.
B is the answer. Refer system admin pdf.
B. P151 sys admin pdf
B. Create an empty $SPLUNK_HOME/etc/passwd file
Option B https://docs.splunk.com/Documentation/Splunk/9.0.3/Security/Usernameprecedence#:~:text=On%20the%20Splunk%20Enterprise%20instance,Restart%20Splunk%20Enterprise.
Answer is B
reating an empty passwd file can disable native authentication in Splunk. This can be achieved by creating an empty file named passwd in the $SPLUNK_HOME/etc directory. This method is useful if you want to use an external authentication provider such as LDAP or SAML for user authentication. Option D (nativeAuthentication=false in authentication.conf) can also be used to disable native authentication, but it is a more granular option as it only disables certain parts of the native authentication system.