In pg_hba.conf, is there a way to enable both 'ident' and 'md5' for local connections?
Concretely, I am happy to have 'ident' turned on for humans to interact with the database. However, if I set up an httpd instance (e.g.), I don't like having to add a full linux user so that it can connect to the db via ident. I'd like to just assign a password inside postgres.
My experiments in having two lines in pg_hba.conf for 'local' didn't work, but the doc is a bit ambiguous, and I thought perhaps that I'd missed something.
Best Answer
Only if you can differentiate by user or database. You can't have both ident and md5 enabled for the same (user,database,connection-origin) tuple.
I usually use unix sockets with ident for my admin and casual use. Many apps only work over tcp, so I use tcp with md5 for them. For apps that can use a unix socket I specify their database as
md5
and just use a password when I connect to it.It'd be really nice if Pg supported fallback auth where you could try several protocols or where the client could pick, but right now AFAIK it doesn't.