This is with postgresql 9.6.9.
This is part of my pg_hba.conf file:
local sameuser all password
host sameuser all 127.0.0.1/32 password
host sameuser all ::1/128 password
# "local" is for Unix domain socket connections only
local all all ident map=maproot
The intent is that in general anyone can connect to the database with the password, but the last line is intended to allow the local postgres user (and root via the maproot map) to connect to anything.
What I find is that in order for the last line to be effective, the first must be commented out.
Is there a way to allow both to work and if the first fails to just fall through?
No, you have to move the last line before the first one and use postgres
rather than all
as user.
Never ever use password
authentication, it is unnecessarily unsafe. Use at least md5
.