Scripted PAM authentication in 8.1.2

Marlan — Mon, 22 Feb 2021 16:35:30 GMT

We have setup a distributed sandbox system with release 8.1.2.

We have configured scripted authentication on our search head based on the PAM scripts located in $SPLUNK_HOME/share/splunk/authScriptSamples. We are using the userMapping.py, pamScripted.py and a compiled version of pamauth.c in our setup. We have made some minor modifications to pamScripted.py to make sure that the script only returns users that are in userMapping.py instead of everyone in /etc/passwd, otherwise we have just followed the configuration guidelines in Securing the Splunk Platform manual.
When a user tries to login we get errors in splunkd.log like these

TypeError: memoryview: a bytes-like object is required, not 'str'

The full sequence of error messages are
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': usage: Traceback (most recent call last):
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': File "/opt/splunk/pamscripts/pamScripted.py", line 177, in <module>
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': userLogin( dictIn )
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': File "/opt/splunk/pamscripts/pamScripted.py", line 60, in userLogin
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': output = proc.communicate( infoIn['password'] )
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': File "/opt/splunk/lib/python3.7/subprocess.py", line 964, in communicate
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': stdout, stderr = self._communicate(input, endtime, timeout)
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': File "/opt/splunk/lib/python3.7/subprocess.py", line 1695, in _communicate
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': input_view = memoryview(self._input)
ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/pamscripts/pamScripted.py userLogin': TypeError: memoryview: a bytes-like object is required, not 'str'

Seems to me that the pamScripted.py script has not been changed to work under python 3.7.

Did anyone manage to make it work in earlier versions of release 8?

Re: Scripted PAM authentication in 8.1.2

Marlan — Tue, 23 Feb 2021 15:50:19 GMT

The solution was to modify this line in pamScripted.py

Replace in line 60
output = proc.communicate( infoIn['password'] )
with
output = proc.communicate( bytes(infoIn['password'],'utf8') )

topic Scripted PAM authentication in 8.1.2 in Security

Scripted PAM authentication in 8.1.2

Re: Scripted PAM authentication in 8.1.2