postgresql

1st chunk of `doc/src/sgml/auth-delay.sgml`
<!-- doc/src/sgml/auth-delay.sgml -->

<sect1 id="auth-delay" xreflabel="auth_delay">
 <title>auth_delay &mdash; pause on authentication failure</title>

 <indexterm zone="auth-delay">
  <primary>auth_delay</primary>
 </indexterm>

 <para>
  <filename>auth_delay</filename> causes the server to pause briefly before
  reporting authentication failure, to make brute-force attacks on database
  passwords more difficult.  Note that it does nothing to prevent
  denial-of-service attacks, and may even exacerbate them, since processes
  that are waiting before reporting authentication failure will still consume
  connection slots.
 </para>

 <para>
  In order to function, this module must be loaded via
  <xref linkend="guc-shared-preload-libraries"/> in <filename>postgresql.conf</filename>.
 </para>

 <sect2 id="auth-delay-configuration-parameters">
  <title>Configuration Parameters</title>

  <variablelist>
   <varlistentry>
    <term>
     <varname>auth_delay.milliseconds</varname> (<type>integer</type>)
     <indexterm>
      <primary><varname>auth_delay.milliseconds</varname> configuration parameter</primary>
     </indexterm>
    </term>
    <listitem>
     <para>
      The number of milliseconds to wait before reporting an authentication
      failure.  The default is 0.
     </para>
    </listitem>
   </varlistentry>
  </variablelist>

  <para>
   This parameter must be set in <filename>postgresql.conf</filename>.
   Typical usage might be:
  </para>

<programlisting>
# postgresql.conf
shared_preload_libraries = 'auth_delay'

auth_delay.milliseconds = '500'
</programlisting>
 </sect2>

 <sect2 id="auth-delay-author">
  <title>Author</title>

  <para>
   KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
  </para>
 </sect2>

</sect1>
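
A configuration check for the settings described above, as an added example that is not part of the PostgreSQL documentation or source: it reports when the module is not preloaded or when the pause is left at the default of 0, and estimates how many connection slots failed logins hold while they wait. The function names, the sample text and the rate used are assumptions made for this example.

```python
import re

# Constructed sample: the settings from the page's "typical usage" listing.
PAGE_EXAMPLE = "shared_preload_libraries = 'auth_delay'\nauth_delay.milliseconds = '500'\n"

# name, then '=' or whitespace, then a single-quoted or bare value; '#' starts a comment.
SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)('(?:[^']|'')*'|[^\s#']+)")

def parse_conf(text):
    """Return {name: value}; as in postgresql.conf, the last occurrence wins."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            settings[m.group(1).lower()] = value
    return settings

def audit_auth_delay(text):
    """Return findings; an empty list means the module is loaded with a non-zero pause."""
    conf = parse_conf(text)
    libs = [n.strip().strip('"') for n in conf.get("shared_preload_libraries", "").split(",")]
    findings = []
    if "auth_delay" not in libs:
        findings.append("auth_delay is not in shared_preload_libraries")
    raw = conf.get("auth_delay.milliseconds")
    if raw is None:
        findings.append("auth_delay.milliseconds is unset: the default 0 adds no pause")
    elif not raw.isdigit():
        findings.append(f"auth_delay.milliseconds = {raw!r}: not a plain integer, check by hand")
    elif int(raw) == 0:
        findings.append("auth_delay.milliseconds = 0 adds no pause")
    return findings

def slots_held(failures_per_second, delay_ms):
    """Estimate (rate x wait time) of connection slots held by sessions in the pause."""
    return failures_per_second * delay_ms / 1000.0

if __name__ == "__main__":
    print(audit_auth_delay(PAGE_EXAMPLE))   # findings for the page's listing
    print(slots_held(100, 500))             # 100 failed logins/s at 500 ms
```

The check reads a single file's text only; it does not follow include directives or settings stored elsewhere, so compare its result with the value the running server reports.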

Title: Auth Delay: Pause on Authentication Failure
Summary
The auth_delay module makes the server pause briefly before reporting an authentication failure, which makes brute-force attacks on database passwords more difficult. The pause is configured with the auth_delay.milliseconds parameter in postgresql.conf.