[pgsql-admin] Simple question about security in 8.1.1

From: Dan Bikle <dan(dot)bikle(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: [pgsql-admin] Simple question about security in 8.1.1
Date: 2006-01-23 02:02:50
Message-ID: 74252ed10601221802s6c697348w5c405292f17c86ef@mail.gmail.com
Lists: pgsql-admin

People,

I just installed PostgreSQL 8.1.1 on my FreeBSD box.

Creation of a database is easy:

bash-2.05b$ id
uid=70(pgsql) gid=70(pgsql) groups=70(pgsql)
bash-2.05b$ createdb -O pgsql db10
CREATE DATABASE
bash-2.05b$

I took a peek at help:

bash-2.05b$ psql --help
This is psql 8.1.1, the PostgreSQL interactive terminal.

Usage:
psql [OPTIONS]... [DBNAME [USERNAME]]

General options:
-d DBNAME specify database name to connect to (default: "pgsql")
-c COMMAND run only single command (SQL or internal) and exit
-f FILENAME execute commands from file, then exit
-l list available databases, then exit
-v NAME=VALUE set psql variable NAME to VALUE
-X do not read startup file (~/.psqlrc)
--help show this help, then exit
--version output version information, then exit

Input and output options:
-a echo all input from script
-e echo commands sent to server
-E display queries that internal commands generate
-q run quietly (no messages, only query output)
-o FILENAME send query results to file (or |pipe)
-n disable enhanced command line editing (readline)
-s single-step mode (confirm each query)
-S single-line mode (end of line terminates SQL command)
-L FILENAME send session log to file

Output format options:
-A unaligned table output mode (-P format=unaligned)
-H HTML table output mode (-P format=html)
-t print rows only (-P tuples_only)
-T TEXT set HTML table tag attributes (width, border) (-P tableattr=)
-x turn on expanded table output (-P expanded)
-P VAR[=ARG] set printing option VAR to ARG (see \pset command)
-F STRING set field separator (default: "|") (-P fieldsep=)
-R STRING set record separator (default: newline) (-P recordsep=)

Connection options:
-h HOSTNAME database server host or socket directory (default:
"local socket")
-p PORT database server port (default: "5432")
-U NAME database user name (default: "pgsql")
-W prompt for password (should happen automatically)

For more information, type "\?" (for internal commands) or "\help"
(for SQL commands) from within psql, or consult the psql section in
the PostgreSQL documentation.

Report bugs to <pgsql-bugs(at)postgresql(dot)org>.
bash-2.05b$

I read up on creation of a database user.
Creation of a user inside the database is easy:

bash-2.05b$ psql db10 pgsql
Welcome to psql 8.1.1, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

db10=# \h create user
Command: CREATE USER
Description: define a new database role
Syntax:
CREATE USER name [ [ WITH ] option [ ... ] ]

where option can be:

SUPERUSER | NOSUPERUSER
| CREATEDB | NOCREATEDB
| CREATEROLE | NOCREATEROLE
| CREATEUSER | NOCREATEUSER
| INHERIT | NOINHERIT
| LOGIN | NOLOGIN
| CONNECTION LIMIT connlimit
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
| VALID UNTIL 'timestamp'
| IN ROLE rolename [, ...]
| IN GROUP rolename [, ...]
| ROLE rolename [, ...]
| ADMIN rolename [, ...]
| USER rolename [, ...]
| SYSID uid

db10=# CREATE USER scott PASSWORD 'tiger';
CREATE ROLE
db10=#

So, now I have a user named scott with password of tiger.

I log in to another Unix account named 'oracle'.

bash-2.05b$ id
uid=1004(oracle) gid=1005(oracle) groups=1005(oracle)
bash-2.05b$
bash-2.05b$

I'm allowed to connect to the db10 database without authentication!:

bash-2.05b$ psql db10 scott
Welcome to psql 8.1.1, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

db10=> create table dropme (n integer);
CREATE TABLE
db10=> drop table dropme;
DROP TABLE
db10=>

This seems insecure.

How do I create a PostgreSQL user account such that attempts to connect
to it require authentication?

-Dan
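
A passwordless login like the one in the session above is what a server does when its pg_hba.conf selects the `trust` method for the connection; the post does not show that file, so that cause is an assumption here. As an added example (not part of the original message), this Python sketch parses pg_hba.conf text and reports every record that admits clients without authentication; the sample file contents and the function names are constructed.

```python
"""Flag pg_hba.conf records that let clients in without authentication."""

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) per record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        f = line.split()
        if f[0] == "local" and len(f) >= 4:
            # local  DATABASE  USER  METHOD  [OPTION]
            yield lineno, f[0], f[1], f[2], None, f[3]
        elif f[0] in HOST_TYPES and len(f) >= 5:
            if "/" in f[3]:
                # host  DATABASE  USER  CIDR-ADDRESS  METHOD
                yield lineno, f[0], f[1], f[2], f[3], f[4]
            elif len(f) >= 6:
                # host  DATABASE  USER  IP-ADDRESS  IP-MASK  METHOD
                yield lineno, f[0], f[1], f[2], f[3] + " " + f[4], f[5]

def unauthenticated_records(text):
    """Return the records whose method is 'trust' (no credentials checked)."""
    return [r for r in parse_hba(text) if r[5] == "trust"]

# Constructed sample: a 'before' file that would reproduce the behaviour in
# the post, and an 'after' file that demands an MD5-hashed password instead.
BEFORE = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
"""
AFTER = """\
local   all       all                  md5
host    all       all   127.0.0.1 255.255.255.255  md5
host    all       all   ::1/128        md5
"""

if __name__ == "__main__":
    for lineno, kind, db, user, addr, _ in unauthenticated_records(BEFORE):
        print("line %d: %s db=%s user=%s from %s uses trust"
              % (lineno, kind, db, user, addr or "unix socket"))
```

To audit a real server, pass the contents of its pg_hba.conf to `unauthenticated_records()`; an edited pg_hba.conf takes effect only after the server reloads its configuration.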
