12th September 2019: PostgreSQL 12 Beta 4 Released!
Supported Versions: Current (11) / 10 / 9.6 / 9.5 / 9.4
Development Versions: 12 / devel
Unsupported versions: 9.3 / 9.2 / 9.1
This documentation is for an unsupported version of PostgreSQL.
You may want to view the same page for the current version, or one of the supported versions listed above instead.

F.2. auth_delay

auth_delay causes the server to pause briefly before reporting authentication failure, to make brute-force attacks on database passwords more difficult. Note that it does nothing to prevent denial-of-service attacks, and may even exacerbate them, since processes that are waiting before reporting authentication failure will still consume connection slots.

In order to function, this module must be loaded via shared_preload_libraries in postgresql.conf.

F.2.1. Configuration Parameters

auth_delay.milliseconds (int)

The number of milliseconds to wait before reporting an authentication failure. The default is 0.

In order to set these parameters in your postgresql.conf file, you will need to add auth_delay to custom_variable_classes. Typical usage might be:

# postgresql.conf
shared_preload_libraries = 'auth_delay'

custom_variable_classes = 'auth_delay'
auth_delay.milliseconds = '500'