Re: brute force attacking the password

From Dawid Kuroczko
Subject Re: brute force attacking the password
Date
Msg-id 758d5e7f0504181359974fe9@mail.gmail.com
In response to Re: brute force attacking the password  ("C. Bensend" <benny@bennyvision.com>)
Responses Re: brute force attacking the password  ("C. Bensend" <benny@bennyvision.com>)
Re: brute force attacking the password  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin
> > No, there is not.  Does anyone want to suggest a possible implementation
> > for the TODO list?
> I would like to see a combination of number of login failures and a
> timeout, configurable via the conf file.  Say, X login failures
> disables further logins for that account for Y minutes.
>
> That would be groovy.  :)

And dangerous.  Imagine a system with say, apache account used
from some Apache application.  And a maluser who purposefully
tries to log in to "apache" account and fails, thus causing a DoS
on the web application. :)

...of course with careful planning and right implementation it
would be very good.

Anyway, a simple 'sleep 2 seconds before telling that password
was wrong' would be a good addition anyhow.  [ if it already is
inside PgSQL, please forgive me :) ]


  Regards,
      Dawid
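
An added example, not part of the message above and not PostgreSQL code: a small simulation of the two ideas discussed in this thread, the "X failures locks the account for Y minutes" proposal and the fixed delay before reporting a wrong password. The class names, parameters and the timeline are constructed for illustration.

```python
# Added illustration: class and parameter names are hypothetical, not PostgreSQL settings.

class AccountLockout:
    """X failed logins disable the account for Y seconds (the quoted proposal)."""

    def __init__(self, max_failures, lock_seconds):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = {}      # account -> consecutive failures
        self.locked_until = {}  # account -> time the lock expires

    def attempt(self, account, password_ok, now):
        """Return (result, seconds the server delays its answer)."""
        if now < self.locked_until.get(account, 0):
            return "locked", 0  # refused even when the password is right
        if password_ok:
            self.failures[account] = 0
            return "ok", 0
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = now + self.lock_seconds
            self.failures[account] = 0
        return "failed", 0


class FailureDelay:
    """Wait before reporting a wrong password; keeps no per-account state."""

    def __init__(self, delay_seconds):
        self.delay_seconds = delay_seconds

    def attempt(self, account, password_ok, now):
        return ("ok", 0) if password_ok else ("failed", self.delay_seconds)


def app_login_after_bad_guesses(policy, guesses=3):
    """Constructed timeline: wrong passwords for 'apache', then the real app logs in."""
    now = 0
    for _ in range(guesses):
        _, delay = policy.attempt("apache", False, now)
        now += 1 + delay  # one second per attempt plus any server-side delay
    return policy.attempt("apache", True, now)[0]


def max_guesses_per_hour(delay_seconds, connections=1):
    """Ceiling on guesses when every failure costs delay_seconds per connection."""
    return int(3600 / delay_seconds) * connections
```

With three failures and a 600-second lock, the constructed timeline leaves the application refused with a correct password, while a 2-second delay lets it in and caps one connection at 1800 guesses per hour; parallel connections multiply that ceiling.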
