Re: Authentication problem

Dmitry Morozovsky <marck@rinet.ru> writes:
>     There is no "fall-through" or "backup": if one record is chosen
>     and the authentication fails, the following records are not
>     considered.

> Are there any plans to loose this restriction?

No.  I don't believe we could count on clients to respond to multiple
authentication challenges of different types.

> It would be very useful to use e.g.

> local    all        ident        admin
> local    sameuser    ident        sameuser
> local    all        password    passwd.user

The "sameuser" part of this works now, since sameuser is a record
matching constraint, not an authentication test.

There has been some talk of adding a more flexible username-matching
field to pg_hba (whereupon the file name would be inappropriate ;-))
but no one's really done any work on it.

            regards, tom lane