Furthermore, if I remove .pgpass, this case's result changes.
root@dbserver:~# cat ~/.pgpass cat: /root/.pgpass: No such file or directory root@dbserver:~# psql -d postgres -U valid_user -h localhost Password for user valid_user:
You've already demonstrated that when connecting via "host" the first matching entry is a password requiring entry. In your first email pgpass provided the password. Here you've simply removed pgpass and demonstrated that you are actually being prompted for the password, as expected.
Your original email demonstrates that, absent -h localhost, psql is looking for and finding a local socket and thus the first matching entry is a "local" one which does not require password entry because it is set for "peer". This is working as intended. psql decides first where to go talk, then the pg_hba.conf file ignores any irrelevant lines based upon where the connection is coming in from and picks the first match among the remaining.
