0

This is with postgresql 9.6.9.

This is part of my pg_hba.conf file:

local   sameuser         all                               password
host    sameuser         all         127.0.0.1/32          password
host    sameuser         all         ::1/128               password

# "local" is for Unix domain socket connections only
local   all             all                                ident map=maproot

The intent is that in general anyone can connect to the database with the password, but the last line is intended to allow the local postgres user (and root via the maproot map) to connect to anything.

What I find is that in order for the last line to be effective, the first must be commented out.

Is there a way to allow both to work and if the first fails to just fall through?

nsayer
  • 16,925
  • 3
  • 33
  • 51

1 Answers1

2

No, you have to move the last line before the first one and use postgres rather than all as user.

Never ever use password authentication, it is unnecessarily unsafe. Use at least md5.

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
  • Hmm. Since the postgres user can connect to all databases, that’s probably a reasonable alternative. Since no network connections are allowed does password vs md5 matter much? I don’t mind changing that to upgrade if it doesn’t cause any problems. – nsayer Jun 30 '18 at 00:47
  • 1
    Changing to `md5` won't cause problems, only keeps client and server from exchanging the plain-text password. – Laurenz Albe Jun 30 '18 at 05:07