Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Set "splunk variable" during scripted authentication (radius)

sdwilkerson
Contributor
‎04-20-2010 02:57 PM

In Splunk-4.1.1:

The script scriptedRadius.py is called several times during the login process for various fucntions such as userLogin, getUsersRole.

I have extracted and set variables during the first run (userLogin) but want to make them available when the script runs next for getUsersRole. Is there a good way to save a "Splunk Variable" from the script that would be available at next run?

An alternative would be to write the information out to a tempfile but this seems messy.

Thanks, Sean

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-20-2010 11:15 PM

Hi Sean,

One solution would be to configure each call to talk to Radius and return the role information required, you could then use cachetiming to make that info persist long enough to be useful for any subsequent authentication calls.

You could also configure your initial call to Radius to add user & role info to a dictionary and then the subsequent calls can just read from there, but you would have to make sure that the dictionary is refreshed on login every time, to account for role changes.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sdwilkerson
Contributor
‎04-21-2010 11:28 AM

We currently have the script writing a temp file for each user during the authentication process. The script call uses the username as a key to find the appropriate file (to help avoid collisions). This is not pretty, and requires now filehandles and cleanup which wouldn't be necessary if a dictionary could be used.

Still looking for a long-term solution.

Thanks, Sean

0 Karma
Reply
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎04-20-2010 11:15 PM

Hi Sean,

One solution would be to configure each call to talk to Radius and return the role information required, you could then use cachetiming to make that info persist long enough to be useful for any subsequent authentication calls.

You could also configure your initial call to Radius to add user & role info to a dictionary and then the subsequent calls can just read from there, but you would have to make sure that the dictionary is refreshed on login every time, to account for role changes.

0 Karma
Reply
Solved! Jump to solution

sdwilkerson
Contributor
‎04-21-2010 11:26 AM

Thanks Mick,
Subsequent radius calls is inefficient. Radius unfortunately isn't like an LDAP (or DB) query where you ask for distinct information, you get the entire user_entry with each request then parse out what you want. Although this will work, I think it isn't a great operational solution.

Regarding the persistent dictionary, this was actually the crux of my question. We have tried this a few ways and upon subsequent runs of the script the dictionary is not persistent.
So, what dictionary (or Splunk resource) can we use to make this info persistent?
Thanks,
Sean

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...