experimented with this some more with no progress. only trust seems to work which is not what we want - will try some more versions with md5 but this is why I've called this out as such a pain point.
show us your pg_hba.conf (sans comments), and the connections that aren't working the way you want, along with whatever error messages they are generating.
It's worth noting how I normally set up this file:
1. Set up postgres user on local connections with peer authentication
2. Set up initial roles, passwords, etc. (sudo -u postgres psql, then create role ... with noinherit login password = ...)
3. Configure for MD5 auth over the network and for all users on local except postgres.
Of course that differs depending on environment and requirements but it is a decent starting point.