1 files changed, 65 insertions, 0 deletions

diff --git a/doc/src/sgml/auth-delay.sgml b/doc/src/sgml/auth-delay.sgml
new file mode 100644
index 0000000..3bc9cfb
--- /dev/null
+++ b/doc/src/sgml/auth-delay.sgml
@@ -0,0 +1,65 @@
+<!-- doc/src/sgml/auth-delay.sgml -->
+
+<sect1 id="auth-delay" xreflabel="auth_delay">
+ <title>auth_delay</title>
+
+ <indexterm zone="auth-delay">
+  <primary>auth_delay</primary>
+ </indexterm>
+
+ <para>
+  <filename>auth_delay</filename> causes the server to pause briefly before
+  reporting authentication failure, to make brute-force attacks on database
+  passwords more difficult.  Note that it does nothing to prevent
+  denial-of-service attacks, and may even exacerbate them, since processes
+  that are waiting before reporting authentication failure will still consume
+  connection slots.
+ </para>
+
+ <para>
+  In order to function, this module must be loaded via
+  <xref linkend="guc-shared-preload-libraries"/> in <filename>postgresql.conf</filename>.
+ </para>
+
+ <sect2>
+  <title>Configuration Parameters</title>
+
+  <variablelist>
+   <varlistentry>
+    <term>
+     <varname>auth_delay.milliseconds</varname> (<type>integer</type>)
+     <indexterm>
+      <primary><varname>auth_delay.milliseconds</varname> configuration parameter</primary>
+     </indexterm>
+    </term>
+    <listitem>
+     <para>
+      The number of milliseconds to wait before reporting an authentication
+      failure.  The default is 0.
+     </para>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+
+  <para>
+   These parameters must be set in <filename>postgresql.conf</filename>.
+   Typical usage might be:
+  </para>
+
+<programlisting>
+# postgresql.conf
+shared_preload_libraries = 'auth_delay'
+
+auth_delay.milliseconds = '500'
+</programlisting>
+ </sect2>
+
+ <sect2>
+  <title>Author</title>
+
+  <para>
+   KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
+  </para>
+ </sect2>
+
+</sect1>