Solved: Re: PassAuth not working in Splunk 6.2

srobinsonxtl · ‎09-15-2015

I am writing a script were I need to pass authentication to access storage password. I update the commands.conf and added the passAuth = True as well as updated the inputs.conf with passAuth = admin, but I can't seem to get the sessionKey.

This code does work, sessionKey = splunk.auth.getSessionKey('admin','changeme') but when I do sessionKey= sys.stdin.readline().strip() it doesn't work. Am I missing something?

Here is my code:

import splunk.entity as entity
import splunk.auth, splunk.search
import sys, os


def getCredentials(sessionKey):
    myapp = 'test'
    try:
        # list all credentials
        entities = entity.getEntities(
            ['admin', 'passwords'], namespace=myapp,
            owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception(
            "Could not get %s credentials from splunk."
            "Error: %s" % (myapp, str(e)))
    credentials = []
    # return credentials
    for i, c in entities.items():
        credentials.append((c['username'], c['clear_password']))
    return credentials
    raise Exception("No credentials have been found")
sessionKey = sys.stdin.readline().strip()
print sessionKey
credentials = getCredentials(sessionKey)
for username, password in credentials:
    print username
    print password

Thanks for your help,

Stephen Robinson

srobinsonxtl · ‎09-24-2015

After taking a break and thinking about it, I was able to get this to work.

from splunk import Intersplunk as si
import splunk.entity as entity
import splunk.auth, splunk.search
import sys, os


def getCredentials(sessionKey):
    myapp = 'your_app_name'
    try:
        # list all credentials
        entities = entity.getEntities(
            ['admin', 'passwords'], namespace=myapp,
            owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception(
            "Could not get %s credentials from splunk."
            "Error: %s" % (myapp, str(e)))
    credentials = []
    # return credentials
    for i, c in entities.items():
        if c['username'] == 'filter_username_ you_want_to_get':
            credentials.append((c['username'], c['clear_password']))
    return credentials
    raise Exception("No credentials have been found")


settings = dict()
si.readResults(settings = settings, has_header = True)
sessionKey = settings['sessionKey']
print "username"

credentials = getCredentials(sessionKey)
for username, password in credentials:
        print password

View solution in original post

srobinsonxtl · ‎09-24-2015

After taking a break and thinking about it, I was able to get this to work.

from splunk import Intersplunk as si
import splunk.entity as entity
import splunk.auth, splunk.search
import sys, os


def getCredentials(sessionKey):
    myapp = 'your_app_name'
    try:
        # list all credentials
        entities = entity.getEntities(
            ['admin', 'passwords'], namespace=myapp,
            owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception(
            "Could not get %s credentials from splunk."
            "Error: %s" % (myapp, str(e)))
    credentials = []
    # return credentials
    for i, c in entities.items():
        if c['username'] == 'filter_username_ you_want_to_get':
            credentials.append((c['username'], c['clear_password']))
    return credentials
    raise Exception("No credentials have been found")


settings = dict()
si.readResults(settings = settings, has_header = True)
sessionKey = settings['sessionKey']
print "username"

credentials = getCredentials(sessionKey)
for username, password in credentials:
        print password

PassAuth not working in Splunk 6.2

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...