Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Set "splunk variable" during scripted authentication (radius)

sdwilkerson
Contributor
‎04-20-2010 02:57 PM

In Splunk-4.1.1:

The script scriptedRadius.py is called several times during the login process for various fucntions such as userLogin, getUsersRole.

I have extracted and set variables during the first run (userLogin) but want to make them available when the script runs next for getUsersRole. Is there a good way to save a "Splunk Variable" from the script that would be available at next run?

An alternative would be to write the information out to a tempfile but this seems messy.

Thanks, Sean

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-20-2010 11:15 PM

Hi Sean,

One solution would be to configure each call to talk to Radius and return the role information required, you could then use cachetiming to make that info persist long enough to be useful for any subsequent authentication calls.

You could also configure your initial call to Radius to add user & role info to a dictionary and then the subsequent calls can just read from there, but you would have to make sure that the dictionary is refreshed on login every time, to account for role changes.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sdwilkerson
Contributor
‎04-21-2010 11:28 AM

We currently have the script writing a temp file for each user during the authentication process. The script call uses the username as a key to find the appropriate file (to help avoid collisions). This is not pretty, and requires now filehandles and cleanup which wouldn't be necessary if a dictionary could be used.

Still looking for a long-term solution.

Thanks, Sean

0 Karma
Reply
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-20-2010 11:15 PM

Hi Sean,

One solution would be to configure each call to talk to Radius and return the role information required, you could then use cachetiming to make that info persist long enough to be useful for any subsequent authentication calls.

You could also configure your initial call to Radius to add user & role info to a dictionary and then the subsequent calls can just read from there, but you would have to make sure that the dictionary is refreshed on login every time, to account for role changes.

0 Karma
Reply
Solved! Jump to solution

sdwilkerson
Contributor
‎04-21-2010 11:26 AM

Thanks Mick,
Subsequent radius calls is inefficient. Radius unfortunately isn't like an LDAP (or DB) query where you ask for distinct information, you get the entire user_entry with each request then parse out what you want. Although this will work, I think it isn't a great operational solution.

Regarding the persistent dictionary, this was actually the crux of my question. We have tried this a few ways and upon subsequent runs of the script the dictionary is not persistent.
So, what dictionary (or Splunk resource) can we use to make this info persistent?
Thanks,
Sean

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...