Authentication
[splunk_auth]
- Settings for Splunk's internal authentication system.
Splunk内部の認証に関する設定を行うスタンザ。
minPasswordLength = <positive integer>�
- Specifies the minimum permitted password length in characters when
passwords are set or modified. - Password modification attempts which do not meet this requirement are
- explicitly rejected.
- Values less than 1 are ignored.
- This setting is optional.
- Default: 8
パスワードの最小文字長を設定する。
minPasswordUppercase = <positive integer>
- Specifies the minimum permitted uppercase characters when passwords are set
or modified. - The Splunk platform ignores negative values.
- This setting is optional.
- Password modification attempts which do not meet this requirement are
explicitly rejected. - Default: 0
パスワードに必要な大文字の最小文字数を設定する。
minPasswordLowercase = <positive integer>
- Specifies the minimum permitted lowercase characters when passwords are set
or modified. - The the Splunk platform ignores negative values.
- This setting is optional.
- Password modification attempts which do not meet this requirement are
explicitly rejected. - Default: 0
パスワードに必要な小文字の最小文字数を設定する。
minPasswordDigit = <positive integer>
- Specifies the minimum permitted digit or number characters when passwords are
set or modified. - The Splunk platform ignores negative values.
- This setting is optional.
- Password modification attempts which do not meet this requirement are
explicitly rejected. - Default: 0
パスワードに必要な数字の最小文字数を設定する。
minPasswordSpecial = <positive integer>
- Specifies the minimum permitted special characters when passwords are set
or modified. - The semicolon character is not allowed.
- The Splunk platform ignores negative values.
- This setting is optional.
- Password modification attempts which do not meet this requirement are
explicitly rejected. - Default: 0
パスワードに必要な記号の最小文字数を設定する。
ただし、パスワードにセミコロンは使用できない。
expirePasswordDays = <positive integer>
- Specifies the number of days before the password expires after a reset.
- Minimum value: 0
- Maximum value: 3650
- the Splunk platform ignores negative values.
- This setting is optional.
- Default: 90
パスワードの有効期間を設定する。
expireAlertDays = <positive integer>
- Specifies the number of days to issue alerts before password expires.
- Minimum value: 0
- Maximum value: 120
- The Splunk platform ignores negative values.
- This setting is optional.
- Alerts appear in splunkd.log.
- Default: 15
パスワードの期限が切れる前に、通行期限が近い旨を通知する。
expireUserAccounts = <boolean>
- Specifies whether password expiration is enabled.
- This setting is optional.
- Default: false (user passwords do not expire)
パスワードの有効期限が切れた際、アカウントを無効にするか設定する。
forceWeakPasswordChange = <boolean>
- Specifies whether users must change a weak password.
- This setting is optional.
- Default: false (users can keep weak password)
弱いパスワードを登録できないようにする。
lockoutUsers = <boolean>
- Specifies whether locking out users is enabled.
- This setting is optional.
- If you enable this setting on members of a search head cluster, user lockout
state applies only per SHC member, not to the entire cluster. - Default: true (users are locked out on incorrect logins)
パスワードを間違えた際に、そのユーザアカウントをロックするか設定する。
サーチヘッドクラスタ環境の場合、一つのピアでのみロックする。
lockoutMins = <positive integer>
- The number of minutes that a user is locked out after entering an incorrect
password more than 'lockoutAttempts' times in 'lockoutThresholdMins' minutes. - Any value less than 1 is ignored.
- Minimum value: 1
- Maximum value: 1440
- This setting is optional.
- If you enable this setting on members of a search head cluster, user lockout
state applies only per SHC member, not to the entire cluster. - Default: 30
ユーザアカウントをロックする時間(Minutes)を設定する。
lockoutAttempts = <positive integer>
- The number of unsuccessful login attempts that can occur before a user is locked out.
- The unsuccessful login attempts must occur within 'lockoutThresholdMins' minutes.
- Any value less than 1 is ignored.
- Minimum value: 1
- Maximum value: 64
- This setting is optional.
- If you enable this setting on members of a search head cluster, user lockout
state applies only per SHC member, not to the entire cluster. - Default: 5
ユーザアカウントをロックするパスワード失敗回数を設定する。
lockoutThresholdMins = <positive integer>
- Specifies the number of minutes that must pass from the time of the first failed
login before the failed login attempt counter resets. - Any value less than 1 is ignored.
- Minimum value: 1
- Maximum value: 120
- This setting is optional.
- If you enable this setting on members of a search head cluster, user lockout
state applies only per SHC member, not to the entire cluster. - Default: 5
パスワードの失敗回数を集計する時間幅を設定する
enablePasswordHistory = <boolean>
- Specifies whether password history is enabled.
- When set to "true", the Splunk platform maintains a history of passwords
that have been used previously. - This setting is optional.
- Default: false
パスワードの世代管理をするか設定する。
passwordHistoryCount = <positive integer>
- The number of passwords that are stored in history. If password
history is enabled, on password change, user is not allowed to pick an - This setting is optional.
- Minimum value: 1
- Maximum value: 128
- Default: 24
パスワードを何世代まで管理するが設定する。
constantLoginTime = <decimal>
- The amount of time, in seconds, that the authentication manager
waits before returning any kind of response to a login request. - This setting helps mitigate login timing attacks. If you want to use the
setting, test it in your environment first to determine the appropriate
value. - When you configure this setting, login is guaranteed to take at least the
amount of time you specify. The authentication manager
adds a delay to the actual response time to keep this guarantee. - The values can use decimals. "0.025" would make responses take a
consistent 25 milliseconds or slightly more. - This setting is optional.
- Minimum value: 0 (Disables login time guarantee)
- Maximum value: 5.0
- Default: 0
verboseLoginFailMsg = <boolean>
- Specifies whether or not the login failure message explains
the failure reason. - When set to true, the Splunk platform displays a message on login
along with the failure reason. - When set to false, the Splunk platform displays a generic failure
message without a specific failure reason. - This setting is optional.
- Default: true