Nick Sayer <nsayer(at)quack(dot)kfu(dot)com> writes:
> Is there some way to achieve this I am missing?
For password-style authentication, you can use a secondary auth file to
get that effect:
local sameuser password
local all password crossauth
where $PGDATA/crossauth lists the users who should be allowed to connect
to databases other than their own:
backups
pgsql
The map file can serve a similar purpose for ident-based auth. AFAIK
there's no similar capability for Kerberos or PAM auth methods :-(
regards, tom lane