Security issue: Newly created roles with password are allowed to connect w/o password prompt

[uazure]

How to reproduce:

• run a container to listen on some port, create new user and database:

  docker run -p 5432:5432 -d --name postgres postgres:9.3.5
  psql -h localhost -p 5432 -U postgres
  =# create database test; create user test with password 'test'; GRANT ALL privileges ON DATABASE test TO test; \q

After that I would expect that test user can login using his/her password.

psql -h localhost -p 5432 -U test

But password is not required(!!!)
This is really weird and unexpected behavior.

[yosifkit]

"Client authentication is controlled by a configuration file, which traditionally is named pg_hba.conf and is stored in the database cluster's data directory" (postgresql.org). I think you just need to provide a different pg_hba.conf that makes postgres use the users table, or set the authentication in there.

[yosifkit]

fixed in #36.