Michael Glaesemann <grzm@seespotcode.net> writes:
> Would there be a difference in how this is logged and how it's
> reported to the user?
Not without making all the same infrastructure changes that would be
needed to tell the user something different than now. As things stand,
the password auth code can't tell the difference between a nonexistent
role and a nologin role; neither one has an entry in the flat file.
If we dropped the filtering in flatfiles.c, then a nologin role would
have an entry, but most likely without a password, so you'd still just
see "password auth failed".
regards, tom lane