Set up user authentication with external systems
Splunk ships with support for four types of authentication systems:
- Splunk's built-in system
- A scripted authentication API for use with an external authentication system, such as PAM or RADIUS, described in this section.
Important: Splunk's built-in system always takes precedence over any external systems. This is the order in which Splunk authenticates a user:
1. Splunk built-in authentication
2. LDAP or scripted authentication (if enabled). For more information about LDAP, see "Set up user authentication with LDAP".
How scripted authentication works
In scripted authentication, a user-generated Python script serves as the middleman between the Splunk server and an external authentication system such as PAM or RADIUS.
The API consists of a few functions that handle communications between Splunk and the authentication system. You need to create a script with handlers that implement those functions.
To use your authentication system with Splunk, make sure the authentication system is running and then do the following:
1. Create a Python authentication script. See "Create the authentication script" for the procedure.
2. Enable your script by editing authentication.conf to specify scripted authentication and associated settings. See "Edit authentication.conf" for the procedure.
Splunk provides several example authentication scripts and associated configuration files, including one set for RADIUS and another for PAM. There is also a simple script called
dumbScripted.py, which focuses on the interaction between the script and Splunk.
You can use an example script and configuration file as the starting point for creating your own script. You must modify them for your environment.
You can find these examples in
$SPLUNK_HOME/share/splunk/authScriptSamples/. That directory also contains a README file with information on the examples, as well as additional information on setting up the connection between Splunk and external systems.
Important: Splunk does not provide support for these scripts, nor does it guarantee that they will fully meet your authentication and security needs. They are meant to serve as examples that you can modify or extend as needed.
Create the authentication script
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12