| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | postbox giridhar <giridharpostbox(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Lock after several failed login attempts |
| Date: | 2021-03-09 18:45:07 |
| Message-ID: | 20210309184507.GP20766@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Greetings,
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> postbox giridhar <giridharpostbox(at)gmail(dot)com> writes:
> > Is it possible to lock a database user after several failed login attempts.
>
> No such thing is built into PG. You can use external authentication
> solutions, such as PAM, for this and related requirements.
Attempting to arrange for this to happen with the typcial PAM modules is
a disaster since PG's authentication code doesn't run as root and the
PAM modules expect to, not to mention that the account then has to exist
in the PAM world (as an actual unix user) and be authenticated using PAM
methods (meaning you can't use PG's SCRAM).
This capability, among many others in this area, are missing in PG today
and we should accept that and hopefully someone will then work on
implementing them. Suggesting to use PAM really isn't helpful.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Holger Jakobs | 2021-03-09 20:45:32 | Re: Lock after several failed login attempts |
| Previous Message | Tom Lane | 2021-03-09 18:20:27 | Re: Lock after several failed login attempts |