Rob Cherry <postgresadmin@lxrb.com> writes:
> Does anyone know if it is possible to overload auth types like this such
> that if pam fails password would be tried?
No, it's not, as per the Fine Manual:
: The first record with a matching connection type, client address,
: requested database, and user name is used to perform
: authentication. There is no "fall-through" or "backup": if one record is
: chosen and the authentication fails, subsequent records are not
: considered. If no record matches, access is denied.
Your best bet is probably to list the automated users specifically in
a record that specifies password, and then put another record that
selects pam for everyone else.
regards, tom lane
