Greetings, * Tom Lane (tgl@xxxxxxxxxxxxx) wrote: > postbox giridhar <giridharpostbox@xxxxxxxxx> writes: > > Is it possible to lock a database user after several failed login attempts. > > No such thing is built into PG. You can use external authentication > solutions, such as PAM, for this and related requirements. Attempting to arrange for this to happen with the typcial PAM modules is a disaster since PG's authentication code doesn't run as root and the PAM modules expect to, not to mention that the account then has to exist in the PAM world (as an actual unix user) and be authenticated using PAM methods (meaning you can't use PG's SCRAM). This capability, among many others in this area, are missing in PG today and we should accept that and hopefully someone will then work on implementing them. Suggesting to use PAM really isn't helpful. Thanks, Stephen
Attachment:
signature.asc
Description: PGP signature
