No password prompt for postgresql superuser

Question

After I installed PostgreSQL 9.1 on Ubuntu 12.04 I set the password for the \"postgres\" superuser account. I want all users to have to enter their password when loging in.

Answer 1

Your pg_hba.conf should indeed require a password for unix socket connections, but there are still ways around it that you should verify:

1. a .pgpass file in the postgres home directory containing the password (also check the PGPASSFILE environment variable for a non-standard path).

2. the PGPASSWORD environment variable could be set.

And there's also the possibility that you're editing the wrong pg_hba.conf file. When connected as postgres, the correct path can be obtained for verification with the SHOW hba_file SQL command.

Also, you may want to check the log file, /var/log/postgresql/postgresql-9.1-main.log for confirmation that the configuration files are reloaded when you ask for it, and look for any suspect message during the authentication.

As for the reason why passwordless connections with the postgres user are common, the debian PG-9.1 pg_hba.conf has this comment about disallowing them:

# DO NOT DISABLE!  
# If you change this first entry you will need to make sure that the  
# database superuser can access the database using some other method.  
# Noninteractive access to all databases is required during automatic  
# maintenance (custom daily cronjobs, replication, and similar tasks).  
#  
# Database administrative login by Unix domain socket  
local   all             postgres                                peer  

Since Debian and Ubuntu use the same postgres packages, this applies to Ubuntu as well.