Multiples authentication methods for Postgresql
No -- Since the pg_hba.conf records are examined sequentially for each connection attempt, the order of the records is significant.
-- In other words "First match is the method I'm going to use".
You would have to explicitly list all the local (md5
) accounts before proceeding to the "all users" LDAP authentication in order for this to work (and that starts to get hairy with maintaining the pg_hba.conf
file).
As a workaround you can use the pam
authentication method, and configure PAM's "postgres" service to use whatever methods you wish (including falling back to alternate methods), but this limits you to whatever PAM modules are installed/configured on your system.
(For suitably broad definitions of "limits" -- e.g. you could use one-time passwords for Postgres accounts if you use PAM as the authentication method).