contrib: auth_delay module

Kohei KaiGai <kaigai@kaigai.gr.jp>

From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: PostgreSQL-Hackers <pgsql-hackers@postgresql.org>
Cc: KaiGai Kohei <kaigai@ak.jp.nec.com>
Date: 2010-11-04T12:49:07Z
Lists: pgsql-hackers

Attachments

The attached patch is a contrib module to inject a few seconds
delay on authentication failed. It is also a proof of the concept
using the new ClientAuthentication_hook.

This module provides a similar feature to pam_faildelay on
operating systems. Injection of a few seconds delay on
authentication fails prevents (or makes hard at least) brute-force
attacks, because it limits number of candidates that attacker can
verify within a unit of time.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>