Re: Postgres Pain Points: 1 pg_hba conf

#1) pg_hba conf
> Out of the box the md5 setting blocks access.

That depends on which box you got it out of.  If you compile the
source yourself, its default settings are 'trust', not 'md5'.

If you get it from a repository, it is up to the repository's policies
and/or the packager's tastes to decide what defaults to use.

In my hands, md5 blocks access exactly when it should, when the user
fails to provide the valid password.

my defacto pg_hba.conf reads like this...

local    all    all                        peer
host    all    all 127.0.0.0/8   md5
host    all    all ::1                   md5
# host all all xxx.yyy.zzz.0/24  md5      ## uncomment and adjust hostmask to suit LAN client addresses

with this setup, if user X runs psql with no arguments, it authenticates them as sql user X.  if user X wants to connect to postgres as sql user Y, then `psql -h localhost -U Y ...` (or equivalent in whatever API) and use the sql Y role password to authenticate.

-- 
john r pierce, recycling bits in santa cruz