| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [v9.1] Add security hook on initialization of instance |
| Date: | 2010-07-09 15:21:29 |
| Message-ID: | AANLkTik3s0EMF7CLk2z-2S-DPRRhpmkn4ZvYvBHEGlKS@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jul 9, 2010 at 11:19 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> On Fri, Jul 9, 2010 at 10:52 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> > Something else which has come up but is related is the ability to
>> > support a "pam_tally"-like function in PG. Basically, the ability to
>> > lock users out if they've had too many failed login attempts. I wonder
>> > if we could add this hook (or maybe have more than one if necessary) in
>> > a way to support a contrib module for that.
>>
>> Seems like the hard part would be figuring out where to store the
>> bookkeeping information.
>
> pam_tally does it in a flat file on-disk. It's not perfect, but it
> works. It'd be good enough for me if there was a hook in the right
> place that I could write the contrib module.
>
> Of course, it'd be even nicer to have support for this in-core, since
> it's a FISMA requirement and not everyone is going to like having to
> install a contrib module to handle something like this.
Feel free to propose a patch...!
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2010-07-09 15:54:18 | Re: Admission Control |
| Previous Message | Stephen Frost | 2010-07-09 15:19:17 | Re: [v9.1] Add security hook on initialization of instance |