Re: Lock after several failed login attempts

From: Holger Jakobs <holger(at)jakobs(dot)com>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Lock after several failed login attempts
Date: 2021-03-09 20:45:32
Message-ID: 208faea3-61d8-2480-ef60-873453a9c198@jakobs.com
Lists: pgsql-admin


On 09.03.21 at 19:45, Stephen Frost wrote:
> Greetings,
>
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> postbox giridhar <giridharpostbox(at)gmail(dot)com> writes:
>>> Is it possible to lock a database user after several failed login attempts?
>> No such thing is built into PG. You can use external authentication
>> solutions, such as PAM, for this and related requirements.
> Attempting to arrange for this to happen with the typical PAM modules is
> a disaster since PG's authentication code doesn't run as root and the
> PAM modules expect to, not to mention that the account then has to exist
> in the PAM world (as an actual unix user) and be authenticated using PAM
> methods (meaning you can't use PG's SCRAM).
>
> This capability, among many others in this area, is missing in PG today
> and we should accept that and hopefully someone will then work on
> implementing them. Suggesting to use PAM really isn't helpful.
>
> Thanks,
>
> Stephen

Hello,

Maybe this can help:

fail2ban can also be used for failed login attempts to PostgreSQL.

https://gist.github.com/rc9000/fd1be13b5c8820f63d982d0bf8154db1

--
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
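
The detection logic behind the fail2ban suggestion above, as an added example that is not part of the original message or the linked gist: count PostgreSQL password failures per client address inside a sliding window, using fail2ban's `maxretry`/`findtime` terms. It assumes `log_line_prefix = '%m [%p] %h %u@%d '`; the function name, thresholds and sample log lines are constructed for illustration. Like fail2ban, it acts on the client address, not on the database role.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log_line_prefix: '%m [%p] %h %u@%d '. The client address (%h) is placed
# before the client-supplied user and database names, so it is read from a fixed
# position in the line.
FAILED = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+ \[\d+\] (?P<host>\S+) '
    r'.*FATAL:\s+password authentication failed for user "'
)

def hosts_to_ban(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {host: timestamp of the failure that crossed the threshold}.

    Lines are expected in chronological order, as in a server log file.
    """
    recent = defaultdict(deque)   # host -> timestamps of failures within findtime
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        # '[local]' is what %h logs for Unix-socket clients: no address to block.
        if not m or m["host"] == "[local]" or m["host"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than the window
            window.popleft()
        if len(window) >= maxretry:
            banned[m["host"]] = ts
    return banned

def _fail(ts, host, user="app"):
    # Constructed log line in the assumed prefix format.
    return (f'2021-03-09 {ts}.000 UTC [4242] {host} {user}@appdb '
            f'FATAL:  password authentication failed for user "{user}"')

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = (
    [_fail(f"20:00:0{i}", "203.0.113.7") for i in range(5)]        # burst: 5 in 5 s
    + [_fail("20:01:00", "198.51.100.4"),
       _fail("20:30:00", "198.51.100.4")]                          # slow: under threshold
    + [_fail(f"20:40:0{i}", "[local]") for i in range(5)]          # Unix socket
    + ['2021-03-09 20:41:00.000 UTC [4243] 192.0.2.9 app@appdb '
       'LOG:  connection authorized: user=app database=appdb']     # not a failure
)

if __name__ == "__main__":
    for host, when in hosts_to_ban(SAMPLE_LOG).items():
        print(f"ban {host} (threshold reached at {when})")
```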
