Security

Set "splunk variable" during scripted authentication (radius)

Contributor

In Splunk-4.1.1:

The script scriptedRadius.py is called several times during the login process for various fucntions such as userLogin, getUsersRole.

I have extracted and set variables during the first run (userLogin) but want to make them available when the script runs next for getUsersRole. Is there a good way to save a "Splunk Variable" from the script that would be available at next run?

An alternative would be to write the information out to a tempfile but this seems messy.

Thanks, Sean

Tags (2)
1 Solution

Splunk Employee
Splunk Employee

Hi Sean,

One solution would be to configure each call to talk to Radius and return the role information required, you could then use cachetiming to make that info persist long enough to be useful for any subsequent authentication calls.

You could also configure your initial call to Radius to add user & role info to a dictionary and then the subsequent calls can just read from there, but you would have to make sure that the dictionary is refreshed on login every time, to account for role changes.

View solution in original post

0 Karma

Contributor

We currently have the script writing a temp file for each user during the authentication process. The script call uses the username as a key to find the appropriate file (to help avoid collisions). This is not pretty, and requires now filehandles and cleanup which wouldn't be necessary if a dictionary could be used.

Still looking for a long-term solution.

Thanks, Sean

0 Karma

Splunk Employee
Splunk Employee

Hi Sean,

One solution would be to configure each call to talk to Radius and return the role information required, you could then use cachetiming to make that info persist long enough to be useful for any subsequent authentication calls.

You could also configure your initial call to Radius to add user & role info to a dictionary and then the subsequent calls can just read from there, but you would have to make sure that the dictionary is refreshed on login every time, to account for role changes.

View solution in original post

0 Karma

Contributor

Thanks Mick,
Subsequent radius calls is inefficient. Radius unfortunately isn't like an LDAP (or DB) query where you ask for distinct information, you get the entire user_entry with each request then parse out what you want. Although this will work, I think it isn't a great operational solution.

Regarding the persistent dictionary, this was actually the crux of my question. We have tried this a few ways and upon subsequent runs of the script the dictionary is not persistent.
So, what dictionary (or Splunk resource) can we use to make this info persistent?
Thanks,
Sean

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!