auth_delay
pause briefly before reporting authentication failure
Overview
| Package | Version | Category | License | Language |
|---|---|---|---|---|
auth_delay | - | SEC | PostgreSQL | C |
| ID | Extension | Bin | Lib | Load | Create | Trust | Reloc | Schema |
|---|---|---|---|---|---|---|---|---|
| 7970 | auth_delay | No | Yes | Yes | No | No | No | - |
| Related | pg_auth_mon credcheck login_hook passwordcheck passwordcheck_cracklib pgaudit set_user pg_permissions |
|---|
Version
| PG18 | PG17 | PG16 | PG15 | PG14 |
|---|---|---|---|---|
| - | - | - | - | - |
Install
Note: This is a built-in contrib extension of PostgreSQL
Usage
auth_delay pauses the server briefly before reporting authentication failures, making brute-force password attacks more difficult.
Configuration
Add to postgresql.conf:
shared_preload_libraries = 'auth_delay'
auth_delay.milliseconds = '500'
Configuration Parameters
| Parameter | Default | Description |
|---|---|---|
auth_delay.milliseconds | 0 | Milliseconds to wait before reporting auth failure |
Notes
- Must be loaded via
shared_preload_libraries - Does not prevent denial-of-service attacks (waiting processes still hold connection slots)
- No
CREATE EXTENSIONis required – this is a shared library module only
Feedback
Was this page helpful?
Thanks for the feedback! Please let us know how we can improve.
Sorry to hear that. Please let us know how we can improve.