Thread: Configuration questions

Configuration questions

From

Kevin Crain

Date:

06 April 2010, 17:35:02

How do I configure postgres to lock a user's account after X failed login attempts, where X is an arbitrary number.

Also is there a way to limit the number of concurrent connections on a per account basis?

-Kevin

Re: Configuration questions

From

Francisco Reyes

Date:

06 April 2010, 18:57:06

Kevin Crain writes:

> How do I configure postgres to lock a user's account after X failed login
> attempts, where X is an arbitrary number.

Don't think there is a way to do that.
Perhaps using an authentication mechanism that supports that and then using
it to connect to Postgres..
This page may be of interest:
http://www.postgresql.org/docs/current/static/auth-methods.html

> Also is there a way to limit the number of concurrent connections on a per
> account basis?

Don't think there is an option for that either.

Re: Configuration questions

From

"Milen A. Radev"

Date:

06 April 2010, 19:19:42

На 05.4.2010 23:11, Kevin Crain написа:
[...]
> Also is there a way to limit the number of concurrent connections on a per
> account basis?

ALTER ROLE <role> CONNECTION LIMIT <number>;

(http://www.postgresql.org/docs/current/static/sql-alterrole.html)



--
Milen A. Radev

Re: Configuration questions

From

Tom Lane

Date:

06 April 2010, 19:52:58

Francisco Reyes <lists@stringsutils.com> writes:
> Kevin Crain writes:
>> How do I configure postgres to lock a user's account after X failed login
>> attempts, where X is an arbitrary number.

> Don't think there is a way to do that.
> Perhaps using an authentication mechanism that supports that and then using
> it to connect to Postgres..

The usual suggestion is to use PAM if you want a customized login
policy.

            regards, tom lane

Re: Configuration questions

From

Guillaume Lelarge

Date:

06 April 2010, 21:08:12

Le 06/04/2010 20:45, Francisco Reyes a écrit :
> Kevin Crain writes:
>
>> How do I configure postgres to lock a user's account after X failed
>> login attempts, where X is an arbitrary number.
>
> Don't think there is a way to do that.
> Perhaps using an authentication mechanism that supports that and then
> using it to connect to Postgres..
> This page may be of interest:
> http://www.postgresql.org/docs/current/static/auth-methods.html
>

Yeah, an external authentication tool can probably do that. The internal
ones (password, md5, and crypt) won't.

>> Also is there a way to limit the number of concurrent connections on a
>> per account basis?
>
> Don't think there is an option for that either.
>

Sure, there is one:

ALTER ROLE your-user WITH CONNECTION LIMIT x;

See http://www.postgresql.org/docs/8.4/interactive/sql-alterrole.html
for more details.


--
Guillaume.
 http://www.postgresqlfr.org
 http://dalibo.com