Problem - any password accepted

While experimenting just now, I seem to have found a weird problem with
passwords, in that _anything_ I type in is accepted as a valid password.

Here are the relevant bits of pg_hba.conf
# Database administrative login by UNIX sockets
local all postgres ident sameuser

# TYPE DATABASE USER CIDR-ADDRESS METHOD

# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
hostnossl junk olly 127.0.0.1/32 trust
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5

1. Unix socket access is fine - no password requested.
olly(at)linda:~$ psql junk
Welcome to psql 8.2.4, the PostgreSQL interactive terminal.

2. TCP/IP access: this uses SSL so it skips the hostnossl line and hits
the next host line, which specifies an md5 password. Whatever I type is
accepted.

junk=# \q
olly(at)linda:~$ psql -h localhost junk
Password:
Welcome to psql 8.2.4, the PostgreSQL interactive terminal.
junk=# select * from pg_shadow;
usename | usesysid | usecreatedb | usesuper | usecatupd | passwd | valuntil | useconfig
----------+----------+-------------+----------+-----------+-------------------------------------+----------+-----------
postgres | 10 | t | t | t | | |
olly | 16384 | t | t | t | md5739e5b0ea17d0a2b9b58df4fad055a09 | |
(2 rows)

In the log I have:
2007-05-30 17:54:59 BST LOG: could not receive data from client: Connection res
et by peer
2007-05-30 17:55:02 BST FATAL: password authentication failed for user "olly"

but it has still let me in.

--
Oliver Elphick olly(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
========================================
Do you want to know God? http://www.lfix.co.uk/knowing_god.html