mod_auth_pgsql for Apache and limiting the number of login attempts

Hi all,

for a long time I am using mod_auth_pgsql for Apache 1.3. But I always
wished that I could limit the number of attempts, so no-one can try as
often as he wants to.

Unfortunately the author of mod_auth_pgsql didn't answer, so I had to do
it by myself. But I didn't want to make major changes in mod_auth_pgsql
because I had no experience in writing Apache modules. My approach was
as follows:

- Add a line in mod_auth_pgsql to write a row in the logging table even
  if the password entered was wrong. The original module only logs
  successful attempts.

- Write a function that increases a counter in the user table if the
  password was wrong and sets the counter to 0 if the password was
  correct.

- Set a trigger that executes that function whenever a row in the
  logging table is inserted.

- Include the test for exceeded number of unsuccessful attempts in
  .htaccess.

Oh, and I installed the crypto functions from contrib so I can store the
passwords in hashed form, and I added some enable/disable fields so a
user can temporary disabled without resetting his password or deleting
him.

Works fine. If anyone is interested, just email me for the scripts.

Holger

--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1