On Tue, Apr 19, 2005 at 17:00:15 +0200, Wim Bertels <wim.bertels@xxxxxxxxxxx> wrote: > >Can't people use PAM to get this effect if they want it? > > what if u use pam with ldap, then u can use pg brute force cracking to > obtain the ldap password, which is probably a bigger problem You don't have to use it with LDAP. It does provide some password controls, that should slow things down a little. However, you are going to have a tough time preventing password guessing without making denial of service attacks easy. > > >For most people password guessing isn't going to be a big problem as > >the database won't be accessible from totally untrusted places and watching > >the log files for guessing will probably be a good enough solution. > > what if u do want the database to be globally accessible.. Then you have a much more difficult situation. One option is to bind user names to specific allowed IP addresses.
