Note: Tina pointed out that this does not apply to the authorize.conf file. This will be fixed in an upcoming version of splunk.
This comes up every once in a while on the support channel (EFnet/#splunk), so I guess that means I should do a blog post on it.
If you’re making changes to the authentication.conf file and want to reload Splunk’s auth system without going through the web UI, you can use one of our internal functions to do it at the command line:
$ splunk _internal rpc-auth ‘<call name=”syncAuth”><params/></call>’
This fires off the same call that the UI would use to reload the auth system, so it functions identically. Note that this is an authenticated call, so you’ll need to use one of the standard authentication methods (-auth, splunk login, or the SPLUNK_USERNAME/SPLUNK_PASSWORD env vars…).