mirror of
https://github.com/postgres/postgres.git
synced 2026-04-15 22:10:45 -04:00
3a9d430af5
The main problem is that DocBook SGML allows indexterm elements just
about everywhere, but DocBook XML is stricter. For example, this common
pattern
<varlistentry>
<indexterm>...</indexterm>
<term>...</term>
...
</varlistentry>
needs to be changed to something like
<varlistentry>
<term>...<indexterm>...</indexterm></term>
...
</varlistentry>
See also bb4eefe7bf.
There is currently nothing in the build system that enforces that things
stay valid, because that requires additional tools and will receive
separate consideration.
65 lines
1.6 KiB
Text
65 lines
1.6 KiB
Text
<!-- doc/src/sgml/auth-delay.sgml -->
|
|
|
|
<sect1 id="auth-delay" xreflabel="auth_delay">
|
|
<title>auth_delay</title>
|
|
|
|
<indexterm zone="auth-delay">
|
|
<primary>auth_delay</primary>
|
|
</indexterm>
|
|
|
|
<para>
|
|
<filename>auth_delay</filename> causes the server to pause briefly before
|
|
reporting authentication failure, to make brute-force attacks on database
|
|
passwords more difficult. Note that it does nothing to prevent
|
|
denial-of-service attacks, and may even exacerbate them, since processes
|
|
that are waiting before reporting authentication failure will still consume
|
|
connection slots.
|
|
</para>
|
|
|
|
<para>
|
|
In order to function, this module must be loaded via
|
|
<xref linkend="guc-shared-preload-libraries"> in <filename>postgresql.conf</>.
|
|
</para>
|
|
|
|
<sect2>
|
|
<title>Configuration Parameters</title>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>
|
|
<varname>auth_delay.milliseconds</varname> (<type>int</type>)
|
|
<indexterm>
|
|
<primary><varname>auth_delay.milliseconds</> configuration parameter</primary>
|
|
</indexterm>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
The number of milliseconds to wait before reporting an authentication
|
|
failure. The default is 0.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
<para>
|
|
These parameters must be set in <filename>postgresql.conf</>.
|
|
Typical usage might be:
|
|
</para>
|
|
|
|
<programlisting>
|
|
# postgresql.conf
|
|
shared_preload_libraries = 'auth_delay'
|
|
|
|
auth_delay.milliseconds = '500'
|
|
</programlisting>
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Author</title>
|
|
|
|
<para>
|
|
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
|
|
</para>
|
|
</sect2>
|
|
|
|
</sect1>
|