* Thomas Kellerer (spam_ea...@gmx.net) wrote: > Stephen Frost schrieb am 21.01.2017 um 22:37: > >>So, there is no solution for my first question, we need if users enter the > >>wrong password more than 5 times than their account gets locked and then > >>only DBA will unlock this account. > > > >I understood the question and there is an answer- use PAM. > > What about LDAP?
Perhaps, but not what I'd recommend. If you've got LDAP then you probably have Active Directory and you should just be using GSSAPI. If you've actually *only* got LDAP, then perhaps, but all the LDAP methods require the user's password to be sent, in one form or another, to the PG server, which isn't ideal, and usually there's a better option in such environments. Of course, PAM requires the user's password to be sent to the server also, which is also why I don't generally recommend using it either, but without more info ... Thanks! Stephen
signature.asc
Description: Digital signature
