1<!-- doc/src/sgml/auth-delay.sgml --> 2 3<sect1 id="auth-delay" xreflabel="auth_delay"> 4 <title>auth_delay</title> 5 6 <indexterm zone="auth-delay"> 7 <primary>auth_delay</primary> 8 </indexterm> 9 10 <para> 11 <filename>auth_delay</filename> causes the server to pause briefly before 12 reporting authentication failure, to make brute-force attacks on database 13 passwords more difficult. Note that it does nothing to prevent 14 denial-of-service attacks, and may even exacerbate them, since processes 15 that are waiting before reporting authentication failure will still consume 16 connection slots. 17 </para> 18 19 <para> 20 In order to function, this module must be loaded via 21 <xref linkend="guc-shared-preload-libraries"/> in <filename>postgresql.conf</filename>. 22 </para> 23 24 <sect2> 25 <title>Configuration Parameters</title> 26 27 <variablelist> 28 <varlistentry> 29 <term> 30 <varname>auth_delay.milliseconds</varname> (<type>int</type>) 31 <indexterm> 32 <primary><varname>auth_delay.milliseconds</varname> configuration parameter</primary> 33 </indexterm> 34 </term> 35 <listitem> 36 <para> 37 The number of milliseconds to wait before reporting an authentication 38 failure. The default is 0. 39 </para> 40 </listitem> 41 </varlistentry> 42 </variablelist> 43 44 <para> 45 These parameters must be set in <filename>postgresql.conf</filename>. 46 Typical usage might be: 47 </para> 48 49<programlisting> 50# postgresql.conf 51shared_preload_libraries = 'auth_delay' 52 53auth_delay.milliseconds = '500' 54</programlisting> 55 </sect2> 56 57 <sect2> 58 <title>Author</title> 59 60 <para> 61 KaiGai Kohei <email>kaigai@ak.jp.nec.com</email> 62 </para> 63 </sect2> 64 65</sect1> 66