
What is "constant login time" setting and what is it for?

templets
Path Finder

Under "Settings > Access Controls > Password Policy Management" in the "Login Settings" section, there is a field named "Constant login time" with a caption that reads:

"Sets a login time that stays consistent regardless of user settings. Set a time between .001 and 5 seconds. Set to 0 to disable the feature."

I can't find this referenced in any Splunk docs or other posts. Can someone explain just what this is for?

Thanks.


scelikok
SplunkTrust

Hi @apietersen and @templets,

This option adds the given time to all login responses to help mitigate login timing attacks.

https://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/Authenticationconf#Settings_for_Splunk_Auth... 

constantLoginTime = <decimal>
* The amount of time, in seconds, that the authentication manager
  waits before returning any kind of response to a login request.
* This setting helps mitigate login timing attacks. If you want to use the
  setting, test it in your environment first to determine the appropriate
  value.
* When you configure this setting, a login failure is guaranteed to take at least the
  amount of time you specify. The authentication manager
  adds a delay to the actual response time to keep this guarantee.
* The values can use decimals. "0.025" would make responses take a
  consistent 25 milliseconds or slightly more.
* This setting is optional.
* Minimum value: 0 (Disables login time guarantee)
* Maximum value: 5.0
* Default: 0


If this reply helps you, an upvote and "Accept as Solution" is appreciated.
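The guarantee the spec text above describes (a login response takes at least the configured time) can be sketched in Python. This is an added example, not Splunk's code and not part of the original answer; the user store, the function names and the 50 ms floor are assumptions made for the demo.

```python
import hashlib
import hmac
import os
import time

# Plays the role of constantLoginTime, in seconds (demo value, an assumption).
CONSTANT_LOGIN_TIME = 0.05

# Constructed sample user store: username -> (salt, PBKDF2 hash of the password).
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 20_000))}


def check_credentials(username, password):
    """Unpadded check: unknown users return at once, known users pay for the hash."""
    record = USERS.get(username)
    if record is None:
        return False  # fast path: response time reveals the account does not exist
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)
    return hmac.compare_digest(candidate, stored)  # slow path


def padded_login(username, password, floor=CONSTANT_LOGIN_TIME):
    """Run the check, then add a delay so the response takes at least `floor` seconds."""
    start = time.monotonic()
    ok = check_credentials(username, password)
    remaining = floor - (time.monotonic() - start)
    if remaining > 0:  # floor == 0 disables the padding, as in the spec
        time.sleep(remaining)
    return ok


def timed(fn, *args):
    """Return (result, elapsed seconds) for one call."""
    start = time.monotonic()
    result = fn(*args)
    return result, time.monotonic() - start


if __name__ == "__main__":
    for label, fn in (("unpadded", check_credentials), ("padded", padded_login)):
        for user in ("nosuchuser", "admin"):
            _, elapsed = timed(fn, user, "wrong-password")
            print(f"{label:9s} {user:11s} {elapsed * 1000:7.2f} ms")
```

The padding only hides the difference if the floor is longer than the slowest real check, which is why the spec says to test the value in your environment first.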

apietersen
Contributor

Do not understand this option either
