PG Bug reporting form <noreply@postgresql.org> writes: > With following entries in pg_hba.conf, psql v13 is prompting for password > for Kerberos connections, whereas psql v11 succeeds connecting without any > issue.
> local all pgbkp peer map=pgbackrest > hostssl all +citi_pg_app_read 0.0.0.0/0 gss map=krb > host all all 0.0.0.0/0 scram-sha-256
> [kdc_test_fid@icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d > postgres -p 1524 > Password for user app_kdc_test_fid:
I suspect the v13 libpq is trying GSSAPI encryption before SSL encryption, so it falls through the hostssl line and ends up at the catchall.