Re: Credcheck- credcheck.max_auth_failure

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Ron Johnson <[email protected]>
To: Greg Sabino Mullane <[email protected]>
Cc: 張宸瑋 <[email protected]>
Cc: [email protected]
Subject: Re: Credcheck- credcheck.max_auth_failure
Date: Mon, 16 Dec 2024 09:13:16 -0500
Message-ID: <CANzqJaB1mFKUP=_kFqg2CtSN6QSMkgsMTvYtQnoGJ7cLAhhjyQ@mail.gmail.com> (raw)
In-Reply-To: <CAKAnmmJQmpN14wCpOsM9mCEXagwWWONyA+BYszMQJ5ExxOEfXA@mail.gmail.com>
References: <CAFsaSDgSPjLOmk51fZt_zYPEUnFOCQ+92g_g2OSMjNbMa4h2xg@mail.gmail.com>
	<CAKAnmmLBf33oSKxxANDztHR455BhEdO=AROGvXZa1crh7VchHg@mail.gmail.com>
	<CANzqJaDJ0_Aiih6X6AMfkRaWATFrHJMw_21oS-7im8JdN9SgrQ@mail.gmail.com>
	<[email protected]>
	<CAFsaSDgsJB9WpZSxspQ0CJAkT4OjGzdh+hLqnf=hinp-ywDU6g@mail.gmail.com>
	<CAKAnmmJQmpN14wCpOsM9mCEXagwWWONyA+BYszMQJ5ExxOEfXA@mail.gmail.com>

On Mon, Dec 16, 2024 at 8:10 AM Greg Sabino Mullane <[email protected]>
wrote:

> On Mon, Dec 16, 2024 at 5:32 AM 張宸瑋 <[email protected]> wrote:
>
>> We have both regular accounts and system accounts. For regular accounts,
>> we still require password complexity and the lockout functionality after
>> multiple failed login attempts.
>>
>
> Again, what is the threat model here?
>

I would not be surprised if the "threat model" is security auditors.


> Most people have their password in a .pgpass file or similar, so it seems
> this only adds complexity and annoyance without any real benefit.
>

Mostly, people *do not* log into our PG instances. 99% of connections are
from application service accounts via JDBC.

-- 
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

view thread (14+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Credcheck- credcheck.max_auth_failure
  In-Reply-To: <CANzqJaB1mFKUP=_kFqg2CtSN6QSMkgsMTvYtQnoGJ7cLAhhjyQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox