On 09.03.21 at 19:45, Stephen Frost wrote:
> Greetings,
>
> * Tom Lane (tgl@xxxxxxxxxxxxx) wrote:
>> postbox giridhar <giridharpostbox@xxxxxxxxx> writes:
>>> Is it possible to lock a database user after several failed login attempts?
>>
>> No such thing is built into PG. You can use external authentication
>> solutions, such as PAM, for this and related requirements.
>
> Attempting to arrange for this to happen with the typical PAM modules is a
> disaster since PG's authentication code doesn't run as root and the PAM
> modules expect to, not to mention that the account then has to exist in the
> PAM world (as an actual unix user) and be authenticated using PAM methods
> (meaning you can't use PG's SCRAM).
>
> This capability, among many others in this area, is missing in PG today
> and we should accept that and hopefully someone will then work on
> implementing them. Suggesting to use PAM really isn't helpful.
>
> Thanks,
>
> Stephen

Hello,

Maybe this can help: fail2ban can also be used for failed login attempts to PostgreSQL

https://gist.github.com/rc9000/fd1be13b5c8820f63d982d0bf8154db1

-- 
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
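
The counting that a fail2ban-style setup performs on the PostgreSQL server log, as an added example that is not part of the thread or of the linked gist. It assumes `log_line_prefix = '%m [%p] %h '` so that the client address is logged; `hosts_to_ban` and `SAMPLE_LOG` are hypothetical names and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: postgresql.conf sets log_line_prefix = '%m [%p] %h ' so the
# client address (%h) appears on every line. Adjust the regex to your prefix.
FAILED_LOGIN = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \S+ \[\d+\] '
    r'(?P<host>\S+) FATAL:\s+password authentication failed '
    r'for user "(?P<user>[^"]+)"')

def hosts_to_ban(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each client host that reached max_retry failed logins within
    find_time to the sorted role names it tried (hypothetical helper)."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    tried = defaultdict(set)     # host -> every role name seen in failures
    flagged = {}
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m is None:
            continue             # successful logins and unrelated messages
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        tried[m["host"]].add(m["user"])
        while ts - window[0] > find_time:
            window.popleft()     # forget failures older than the window
        if len(window) >= max_retry:
            flagged[m["host"]] = sorted(tried[m["host"]])
    return flagged

# Constructed sample log (documentation address ranges), oldest line first.
SAMPLE_LOG = """\
2021-03-09 19:00:00.000 UTC [4001] 198.51.100.20 FATAL:  password authentication failed for user "app"
2021-03-09 19:30:00.000 UTC [4050] 198.51.100.20 FATAL:  password authentication failed for user "app"
2021-03-09 19:40:01.100 UTC [4101] 203.0.113.7 FATAL:  password authentication failed for user "app"
2021-03-09 19:40:05.250 UTC [4102] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2021-03-09 19:40:30.000 UTC [4104] 192.0.2.5 LOG:  connection authorized: user=app database=app
2021-03-09 19:41:10.900 UTC [4107] 203.0.113.7 FATAL:  password authentication failed for user "app"
2021-03-09 20:00:00.000 UTC [4200] 198.51.100.20 FATAL:  password authentication failed for user "app"
""".splitlines()

if __name__ == "__main__":
    for host, roles in hosts_to_ban(SAMPLE_LOG).items():
        print(f"{host}: failed logins for roles {roles}")
```

The result is keyed by client address, which is what fail2ban blocks at the network layer; the database role itself stays unlocked and reachable from other addresses.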