diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 13:44:03 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 13:44:03 +0000 |
| commit | 293913568e6a7a86fd1479e1cff8e2ecb58d6568 (patch) | |
| tree | fc3b469a3ec5ab71b36ea97cc7aaddb838423a0c /doc/src/sgml/auth-delay.sgml | |
| parent | Initial commit. (diff) | |
| download | postgresql-16-293913568e6a7a86fd1479e1cff8e2ecb58d6568.tar.xz postgresql-16-293913568e6a7a86fd1479e1cff8e2ecb58d6568.zip | |
Adding upstream version 16.2.upstream/16.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/auth-delay.sgml')
| -rw-r--r-- | doc/src/sgml/auth-delay.sgml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/doc/src/sgml/auth-delay.sgml b/doc/src/sgml/auth-delay.sgml new file mode 100644 index 0000000..0571f2a --- /dev/null +++ b/doc/src/sgml/auth-delay.sgml @@ -0,0 +1,65 @@ +<!-- doc/src/sgml/auth-delay.sgml --> + +<sect1 id="auth-delay" xreflabel="auth_delay"> + <title>auth_delay — pause on authentication failure</title> + + <indexterm zone="auth-delay"> + <primary>auth_delay</primary> + </indexterm> + + <para> + <filename>auth_delay</filename> causes the server to pause briefly before + reporting authentication failure, to make brute-force attacks on database + passwords more difficult. Note that it does nothing to prevent + denial-of-service attacks, and may even exacerbate them, since processes + that are waiting before reporting authentication failure will still consume + connection slots. + </para> + + <para> + In order to function, this module must be loaded via + <xref linkend="guc-shared-preload-libraries"/> in <filename>postgresql.conf</filename>. + </para> + + <sect2 id="auth-delay-configuration-parameters"> + <title>Configuration Parameters</title> + + <variablelist> + <varlistentry> + <term> + <varname>auth_delay.milliseconds</varname> (<type>integer</type>) + <indexterm> + <primary><varname>auth_delay.milliseconds</varname> configuration parameter</primary> + </indexterm> + </term> + <listitem> + <para> + The number of milliseconds to wait before reporting an authentication + failure. The default is 0. + </para> + </listitem> + </varlistentry> + </variablelist> + + <para> + These parameters must be set in <filename>postgresql.conf</filename>. + Typical usage might be: + </para> + +<programlisting> +# postgresql.conf +shared_preload_libraries = 'auth_delay' + +auth_delay.milliseconds = '500' +</programlisting> + </sect2> + + <sect2 id="auth-delay-author"> + <title>Author</title> + + <para> + KaiGai Kohei <email>kaigai@ak.jp.nec.com</email> + </para> + </sect2> + +</sect1> |