postgres 9.1: both md5 and ident on the same connection type?

In pg_hba.conf, is there a way to enable both 'ident' and 'md5' for local connections?

Concretely, I am happy to have 'ident' turned on for humans to interact with the database. However, if I set up an httpd instance (e.g.), I don't like having to add a full linux user so that it can connect to the db via ident. I'd like to just assign a password inside postgres.

My experiments in having two lines in pg_hba.conf for 'local' didn't work, but the doc is a bit ambiguous, and I thought perhaps that I'd missed something.

Only if you can differentiate by user or database. You can't have both ident and md5 enabled for the same (user,database,connection-origin) tuple.

I usually use unix sockets with ident for my admin and casual use. Many apps only work over tcp, so I use tcp with md5 for them. For apps that can use a unix socket I specify their database as md5 and just use a password when I connect to it.

It'd be really nice if Pg supported fallback auth where you could try several protocols or where the client could pick, but right now AFAIK it doesn't.

StackExchange Database Administrators Q#23963, answer score: 4