
rory

Viva la Robot Chicken

December 5th, 2007

flexible roles and chamber of secrets

Hi Kids,

So we have added flexible roles into the preview release. Well, what does that mean?
We will now allow folks to create their own roles. The previous ones of Admin, Power
and User will be included as defaults.

There is currently no GUI available for editing roles but you can directly edit the
config file $SPLUNK_HOME/etc/bundles/default/authorize.conf.

To add in these roles we did an audit of our system and broke down various actions
into capabilities. These capabilities can be grouped together to create any role.
Please bear with us here, this is just a first cut and we may not have chopped up
things in a way that makes sense to you. This is the beauty of preview: if you've got a suggestion
about capabilities you'd like to see added or removed, then comment or mail us.
The more feedback we get at this stage, the faster this feature will improve.

A role in the Splunk system contains the following things:
1. A list of capabilities that role can perform.
2. A list of roles that are contained within this role (their capabilities will be imported into our role).
3. A list of search filters that should be applied when searching as this role.

The stanza below defines a role called kwyjibo that can edit user information and
make changes to the authentication system. It imports the capabilities of the roles User and Power.

[role_kwyjibo]
edit_user = enabled
change_authentication = enabled
bounce_authentication = enabled
importRoles = Power;User
srchFilter =
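
An added example, not code from the post or from Splunk: a small Python audit helper that expands importRoles so you can review every capability a custom role such as kwyjibo ends up with, including inherited ones. It assumes imports are followed transitively and role names match exactly; the example_* capability names and the loop_a, loop_b and ghost roles are constructed placeholders.

```python
import configparser

# Constructed sample: only [role_kwyjibo] is from the post; the rest are placeholders.
SAMPLE_CONF = """
[role_User]
example_search = enabled
[role_Power]
example_save_search = enabled
importRoles = User
[role_kwyjibo]
edit_user = enabled
change_authentication = enabled
bounce_authentication = enabled
importRoles = Power;User
srchFilter =
[role_loop_a]
importRoles = loop_b;ghost
[role_loop_b]
importRoles = loop_a;User
"""

def load_roles(text):
    """Parse role stanzas into {name: (own_capabilities, imported_roles)}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (importRoles, srchFilter)
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if section.startswith("role_"):
            items = dict(cp.items(section))
            caps = {k for k, v in items.items()
                    if k not in ("importRoles", "srchFilter") and v.strip() == "enabled"}
            imports = [r.strip() for r in items.get("importRoles", "").split(";") if r.strip()]
            roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_capabilities(roles, name, seen=None):
    """Return (capabilities, unresolved imports), following importRoles."""
    seen = set() if seen is None else seen
    if name in seen:        # import cycle: this role was already expanded
        return set(), set()
    seen.add(name)
    if name not in roles:   # imported role has no stanza in the file
        return set(), {name}
    caps, missing = set(roles[name][0]), set()
    for imported in roles[name][1]:
        c, m = effective_capabilities(roles, imported, seen)
        caps, missing = caps | c, missing | m
    return caps, missing
```

Diffing the returned set against the role's own stanza shows which privileges arrive only through imports, which is where unintended grants tend to hide.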

If you have any questions or comments, please let me know.

Rory


November 16th, 2007

Scripted auth in preview

Hey Kids,

How are things? So I’ve made some progress in my attempt to code myself out of a job. Just checked the scripted auth into the preview branch, which should be released in a few days. It’s very basic right now with more improvements to come. At the moment userLogin, getUserType and getUserInfo are the only methods you need to fill in.

I’ve written up a sample that interfaces with PAM on Linux, using /etc/passwd to get user lists. Mac users, skip the pamauth.c compile; you don’t need this app, and PAM don’t like Macs (can’t say I blame PAM on that score).

First off, a pamauth.c program to compile that will talk to PAM for ya. Donated by Philippe Troin, thank you fif. Feel free to take and edit for your own purposes, but you must send fif a chocolate chip cookie if you found it useful.

File pamauth.c is attached due to severe lameness on the part of WordPress, insisting on screwing with the #include’s

pamauth.c

Compile that puppy like so:
gcc -Wall -Wextra -o pamauth pamauth.c -lpam

You may need to create an entry for PAM:
edit /etc/pam.d/pamauth and put this line in
auth sufficient pam_unix.so

To access PAM, root access is usually required, so we will just set the pamauth script setuid instead of running Splunk as root (which would be deeply stupid BTW).

As root:
chown root:root pamauth; chmod a+s pamauth

You can test it by doing echo PASSWORD | ./pamauth username
returns 0 for auth passed
returns 1 on fail.

K, now that you have your nifty PAM app running, you need to add your Python script that will interface
with Splunk. As they say on cooking shows, here’s one we made earlier.

[source:py]
# Required functions;
# 1. userLogin : login with


October 8th, 2007

I’m cold and there are wolves after me

Just fresh from the Splunk poker game. Good fun, made a whopping $10. Jef looked like
he was on the verge of paying for his kids’ education. Maverick even threatened to sing,
good times.

So Erik did a pretty good job of describing the environment here at Splunk.
The people here are great and lots of fun, there are some great problems
just begging to be solved, we need more monkeys on them typewriters.

Poker games, golf, visits to the jackson arms, beer pong, foosball
(Raffy really needs a challenge)

Don’t worry about that collage bit http://en.wikipedia.org/wiki/Collage

Erik insists everyone draw a picture of themselves in crayon, but really,
who doesn’t ask for that in a serious interview these days?

In the coming weeks I’m going to be working on a way to allow people to
plug in their own auth systems. We’ve had requests running the gamut from
the normal stuff like PAM, RADIUS etc. to carrier pigeon and bob’s trusty
auth system. The most common thread of all these is that they are all scriptable.
You folks know your own auth systems. We’ll throw this in the unstable
release/dev branch that we’ll be launching and hopefully get some feedback
from you folks to fine tune it before we put it into stable.

Now that I’ve said that in public I’m well and truly screwed and will have to do it.
