pg_hba.conf controls the authentication method. If you want to request a password, use
md5 authentication. If you want to allow login with no password to anyone, use
trust. If you want to require the same username in the operating system as in PostgreSQL, use
peer (UNIX, only for
local connections) or
If there’s a password set, but
pg_hba.conf doesn’t tell PostgreSQL to ask for it, the password is ignored.
pg_hba.conf tells PostgreSQL to ask for a password but there’s none set, then all login attempts will fail no matter what password is supplied.