Scripted authentication

Scripted authentication

Splunk ships with support for three authentication systems: Splunk's built-in system, LDAP and a new scripted authentication API. With the new scripted authentication system, you can set up Splunk to interface with an authentication system you already have in place.

Commands

Scripted authentication currently has three built-in commands. Here is a descriptive list of these commands, including their inputs and outputs.

• userlogin: login with username/password pair
  • in: --username=<username> --password=<password> (passed over stdin)
  • out: --status=<status_bit> --search_filter=<search_filter>(optional) --authToken=<tok> (optional)success (or fail)
• getUserType: this command corresponds to the role within Splunk (for example Admin, Power or User)
  • in: --username=<username> --authToken=<tok> (optional)
  • out: --status=<status_bit> --role=<role> (eg Admin)
• getUserInfo: get user information
  • in: --username=<username> --authToken=<tok> (optional)
  • out: --status=<status_bit> --userInfo=<userId>;<username>;<realname>;<role>

Supplemental calls:

• getUsers
  • in: --authToken=<tok> (optional)
  • out: --status=<status_bit> --userInfo=<userId>;<username>;<realname>;<role> --userInfo1=<userId>;<username>;<realname>;<role>....

Advanced calls (ticked checking systems etc.):

• checkSession
  • in: --authToken=<tok> (optional)
  • out: --status=<status_bit>

Every out starts with a <status_bit> which is one of the following:

• success
  • The command succeeded correctly.
• tmp_fail
  • Temporary failure of auth plugin. Attempt to just go on.
• auth_fail
  • Failure to authenticate. Terminate the user's session.

Example

For an example on using scripted authentication with PAM, please see this entry in scripted auth developer Rory's blog.

NOTE: Set the pamauth script setuid instead of running Splunk as root.

• Was this topic useful?
• Post a comment