Re: "constant login time"

templets · ‎08-20-2021

Under "Settings > Access Controls > Password Policy Management" in the "Login Settings " section, there is a field named "Constant login time" with a caption that reads:

"Sets a login time that stays consistent regardless of user settings. Set a time between .001 and 5 seconds. Set to 0 to disable the feature."

I can't find this referenced in any Splunk docs or other posts. Can someone explain just what this is for?

Thanks.

scelikok · ‎09-14-2022

Hi @apietersen and @templets,

This option adds the given time to all login responses to help mitigate login timing attacks.

https://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/Authenticationconf#Settings_for_Splunk_Auth...

constantLoginTime = <decimal>
* The amount of time, in seconds, that the authentication manager
  waits before returning any kind of response to a login request.
* This setting helps mitigate login timing attacks. If you want to use the
  setting, test it in your environment first to determine the appropriate
  value.
* When you configure this setting, a login failure is guaranteed to take at least the
  amount of time you specify. The authentication manager
  adds a delay to the actual response time to keep this guarantee.
* The values can use decimals. "0.025" would make responses take a
  consistent 25 milliseconds or slightly more.
* This setting is optional.
* Minimum value: 0 (Disables login time guarantee)
* Maximum value: 5.0
* Default: 0

If this reply helps you an upvote and "Accept as Solution" is appreciated.

apietersen · ‎09-14-2022

Do not understand this option either

What is "constant login time" setting and what is it for?

access control

authentication

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...