Security

SSO reload auth (alternatives and/or role)

Path Finder

I have a script that modifies the users so we can authenticate VIA SSO. I was hoping that splunk would reload auth by itself once in a while, but it seems like the only 2 ways to get the password file refreshed is to restart splunk or run splunk reload auth command.

I would be OK with running reload auth command when the file gets updated, but I don't want to write a script with our admin username/password in it.
So, any other alternatives. Is there a timeout to force splunk to refresh auth automatically, and/or what role capabilities are required in order to run the reload-auth command?

Thanks

Tags (2)
0 Karma

Splunk Employee
Splunk Employee

I don't have a great solution for you, but a hack might be to create a custom script that calls the reload, configure it to be a custom Splunk search command, and schedule it using the Splunk scheduler to run as the Splunk admin user. The trick here is that a custom search command can receive a Splunk authentication token in the header info (the first line of stdin) when it is called, and you can use that authentication token to call right back into Splunkd.

0 Karma