Why doesn't Postgres ask for password for user postgres?

Question

From what I read in my pg_hba.conf, I'm inferring that, to make sure I'm prompted for a password for the postgres user, I should edit pg_hba.conf's first two entries' method from the current 'peer' to either 'password' or 'md5', but I don't want to break things if that's wrong. Am I on the right track? Or missing something obvious?

Anyway, more details-

After installing postgres 9.4 on debian, I changed the postgres user's password by doing this-

postgres=# \password postgres

...and entering in the new password twice.

Then I exited postgres (Ctrl+D), then restarted the server from bash-

sudo service postgresql restart

When I log back into postgres (sudo -u postgres psql), I'm not prompted for the new password. I just get-

psql (9.4.9)
Type "help" for help

postgres=#

Also, the .pgpass file is in my home directory, but it's empty. Finally, first two lines of pg_hba.conf are

local   all        postgres      [blank]   peer
local   all        all           [blank]   peer

Answer 1

Setting a password only provides the password for authentication methods that require it. It does not add the requirement that the password be specified for login.

Whether a password is required is controlled by pg_hba.conf. The peer auth mode does not require a password, it allows a user to log in if their unix username is the same as the postgres username they're trying to connect as.

Try md5 auth if you want password authentication.