New contrib module, auth_delay.

KaiGai Kohei, with a few changes by me.

3 files changed, 69 insertions, 0 deletions

diff --git a/doc/src/sgml/auth-delay.sgml b/doc/src/sgml/auth-delay.sgml
new file mode 100644
index 00000000000..683fa494ee7
--- /dev/null
+++ b/doc/src/sgml/auth-delay.sgml
@@ -0,0 +1,67 @@
+<!-- doc/src/sgml/auth-delay.sgml -->
+
+<sect1 id="auth-delay">
+ <title>auth_delay</title>
+
+ <indexterm zone="auth-delay">
+  <primary>auth_delay</primary>
+ </indexterm>
+
+ <para>
+  <filename>auth_delay</filename> causes the server to pause briefly before
+  reporting authentication failure, to make brute-force attacks on database
+  passwords more difficult.  Note that it does nothing to prevent
+  denial-of-service attacks, and may even exacerbate them, since processes
+  that are waiting before reporting authentication failure will still consume
+  connection slots.
+ </para>
+
+ <para>
+  In order to function, this module must be loaded via 
+  <xref linkend="guc-shared-preload-libraries"> in <filename>postgresql.conf</>.
+ </para>
+
+ <sect2>
+  <title>Configuration parameters</title>
+
+  <variablelist>
+   <varlistentry>
+    <term>
+     <varname>auth_delay.milliseconds</varname> (<type>int</type>)
+    </term>
+    <indexterm>
+     <primary><varname>auth_delay.milliseconds</> configuration parameter</primary>
+    </indexterm>
+    <listitem>
+     <para>
+      The number of milliseconds to wait before reporting an authentication
+      failure.  The default is 0.
+     </para>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+
+  <para>
+   In order to set these parameters in your <filename>postgresql.conf</> file,
+   you will need to add <literal>auth_delay</> to
+   <xref linkend="guc-custom-variable-classes">.  Typical usage might be:
+  </para>
+
+<programlisting>
+# postgresql.conf
+shared_preload_libraries = 'auth_delay'
+
+custom_variable_classes = 'auth_delay'
+auth_delay.milliseconds = '500'
+</programlisting>
+ </sect2>
+
+ <sect2>
+  <title>Author</title>
+
+  <para>
+   KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
+  </para>
+ </sect2>
+
+</sect1>
diff --git a/doc/src/sgml/contrib.sgml b/doc/src/sgml/contrib.sgml
index a7c2a1d43eb..d78847395e5 100644
--- a/doc/src/sgml/contrib.sgml
+++ b/doc/src/sgml/contrib.sgml
@@ -81,6 +81,7 @@ psql -d dbname -f <replaceable>SHAREDIR</>/contrib/<replaceable>module</>.sql
  </para>
 
  &adminpack;
+ &auth-delay;
  &auto-explain;
  &btree-gin;
  &btree-gist;
diff --git a/doc/src/sgml/filelist.sgml b/doc/src/sgml/filelist.sgml
index 4361991ea99..aa2d801deb7 100644
--- a/doc/src/sgml/filelist.sgml
+++ b/doc/src/sgml/filelist.sgml
@@ -93,6 +93,7 @@
 <!-- contrib information -->
 <!entity contrib         SYSTEM "contrib.sgml">
 <!entity adminpack       SYSTEM "adminpack.sgml">
+<!entity auth-delay      SYSTEM "auth-delay.sgml">
 <!entity auto-explain    SYSTEM "auto-explain.sgml">
 <!entity btree-gin       SYSTEM "btree-gin.sgml">
 <!entity btree-gist      SYSTEM "btree-gist.sgml">