I have setup the Splunk native password policy on my company's implementation but it seems like the password expiration alert does not work as expected. Today I have many users complaining that their password has expired but did not receive, or notice any warning.
I was assuming that the 15 day alerts would be a "highlighted bar" at the top of the splunk page (fine for daily users) but for occasional users I was expecting an email. Reading over the docs I can only find information on how to set this but not any detail on what it actually does.
↧