I was wondering if there is a way I can set up my pg_hba.conf to allow "ident sameuser" authentication, but fall back to "md5" if it fails. I would like users to be able to login to their databases (which correspond to their usernames and ident responses), however when they need to use PHP to login, they must enter a password because the ident response will be different (always "apache" I would assume).
I have tried the following pg_hba.conf configurations, but I cannot seem to get this right.
This results in only allowing users to login after entering the correct password: local sameuser all md5 local sameuser all ident sameuser
This results in ident checking and returning FATAL without asking for a password if it fails: local sameuser all ident sameuser local sameuser all md5
So, how would I configure pg_hba.conf to work like this? Is it possible, or should I only allow md5 and not worry about ident? Please let me know.