<!-- doc/src/sgml/auth-delay.sgml -->
<sect1 id="auth-delay" xreflabel="auth_delay">
<title>auth_delay</title>
<indexterm zone="auth-delay">
<primary>auth_delay</primary>
</indexterm>
<para>
<filename>auth_delay</filename> causes the server to pause briefly before
reporting authentication failure, to make brute-force attacks on database
passwords more difficult.  The delay slows each failed attempt individually;
it does not limit the number of attempts or lock accounts.  Note that it does
nothing to prevent denial-of-service attacks, and may even exacerbate them,
since processes that are waiting before reporting authentication failure will
still consume connection slots.
</para>
<para>
In order to function, this module must be loaded via
<xref linkend="guc-shared-preload-libraries"> in <filename>postgresql.conf</>.
</para>
<sect2>
<title>Configuration Parameters</title>
<variablelist>
<varlistentry>
<term>
<varname>auth_delay.milliseconds</varname> (<type>int</type>)
<indexterm>
<primary><varname>auth_delay.milliseconds</> configuration parameter</primary>
</indexterm>
</term>
<listitem>
<para>
The number of milliseconds to wait before reporting an authentication
failure.  The default is 0, meaning that no delay is applied until this
parameter is set to a positive value.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
This parameter must be set in <filename>postgresql.conf</>.
Typical usage might be:
</para>
<programlisting>
# postgresql.conf
shared_preload_libraries = 'auth_delay'
auth_delay.milliseconds = '500'
</programlisting>
</sect2>
<sect2>
<title>Author</title>
<para>
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
</para>
</sect2>
</sect1>