While checking the PostgreSQL installation, I noticed that access management (implemented in pg_hba.conf) didn't work as expected. I tracked it down to a coworker who installed OpenNMS referring to http://www.opennms.org/documentation/installguide.html .
This document contains a bad hint to basically switch off security measures for local users:
"Customizing the pg_hba.conf File
The easiest thing to do is to just allow anyone from the localhost to access the database (do not add the last line if your system does not support IPv6):
# TYPE  DATABASE  USER  IP-ADDRESS  IP-MASK                                  METHOD
local   all       all                                                        trust
host    all       all   127.0.0.1   255.255.255.255                          trust
host    all       all   ::1         ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff  trust
Make sure that no other lines are uncommented in this file."
Sure, that's indeed "easy", but the text doesn't actually stress the fact that you just switched off security measures for all local users...
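
As an added example (not part of the original post or of the OpenNMS guide), the following Python audit parses pg_hba.conf records, including the older separate IP-MASK form quoted above, and reports every rule whose method is trust. The sample text is built from the quoted rules; the function names are hypothetical, and the parser assumes no quoted fields and no include directives.

```python
import ipaddress

# Constructed sample: the three rules quoted above from the install guide.
SAMPLE = """\
# TYPE  DATABASE  USER  IP-ADDRESS  IP-MASK          METHOD
local   all       all                                trust
host    all       all   127.0.0.1   255.255.255.255  trust
host    all       all   ::1  ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff  trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_rule(line):
    """Parse one pg_hba.conf line; return None for blanks and comments."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if fields[0] == "local":
        return {"type": "local", "database": fields[1], "user": fields[2],
                "scope": "unix-socket", "method": fields[3]}
    if fields[0] not in HOST_TYPES:
        raise ValueError(f"unsupported record: {line!r}")
    addr, rest = fields[3], fields[4:]
    # Old-style records carry a separate netmask field before the method.
    if "." in rest[0] or ":" in rest[0]:
        prefix = bin(int(ipaddress.ip_address(rest.pop(0)))).count("1")
        addr = f"{addr}/{prefix}"
    try:
        net = ipaddress.ip_network(addr, strict=False)
        scope = "loopback" if net.is_loopback else "network"
    except ValueError:  # keywords such as "all", "samehost", or a hostname
        scope = "keyword-or-hostname"
    return {"type": fields[0], "database": fields[1], "user": fields[2],
            "address": addr, "scope": scope, "method": rest[0]}


def find_trust_rules(text):
    """Return (line_number, rule) for every record that uses 'trust'."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule and rule["method"] == "trust":
            hits.append((number, rule))
    return hits


if __name__ == "__main__":
    for number, rule in find_trust_rules(SAMPLE):
        print(number, rule["type"], rule["scope"], rule["database"], rule["user"])
```

All three quoted rules are reported: one on the Unix socket and two on loopback, each matching every database and every user without a password.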