Index: doc/src/sgml/client-auth.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v retrieving revision 1.111 diff -c -c -r1.111 client-auth.sgml *** doc/src/sgml/client-auth.sgml 18 Nov 2008 13:10:20 -0000 1.111 --- doc/src/sgml/client-auth.sgml 20 Nov 2008 03:56:43 -0000 *************** *** 702,707 **** --- 702,709 ---- If you are at all concerned about password sniffing attacks then md5 is preferred. Plain password should always be avoided if possible. + md5 cannot be used with . Index: doc/src/sgml/config.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/config.sgml,v retrieving revision 1.195 diff -c -c -r1.195 config.sgml *** doc/src/sgml/config.sgml 11 Nov 2008 02:42:31 -0000 1.195 --- doc/src/sgml/config.sgml 20 Nov 2008 03:56:44 -0000 *************** *** 706,711 **** --- 706,722 ---- before the user name is looked up by the server. + + db_user_namespace causes the client's and + server's user name representation to differ. + Authentication checks are always done with the server's user name + so authentication methods must be configured for the + server's user name, not the client's. Because + md5 uses the user name as salt on both the + client and server, md5 cannot be used with + db_user_namespace. 
+ + This feature is intended as a temporary measure until a Index: src/backend/libpq/auth.c =================================================================== RCS file: /cvsroot/pgsql/src/backend/libpq/auth.c,v retrieving revision 1.171 diff -c -c -r1.171 auth.c *** src/backend/libpq/auth.c 18 Nov 2008 13:10:20 -0000 1.171 --- src/backend/libpq/auth.c 20 Nov 2008 03:56:44 -0000 *************** *** 371,376 **** --- 371,380 ---- break; case uaMD5: + if (Db_user_namespace) + ereport(FATAL, + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); sendAuthRequest(port, AUTH_REQ_MD5); status = recv_and_check_password_packet(port); break; Index: src/backend/libpq/hba.c =================================================================== RCS file: /cvsroot/pgsql/src/backend/libpq/hba.c,v retrieving revision 1.172 diff -c -c -r1.172 hba.c *** src/backend/libpq/hba.c 28 Oct 2008 12:10:43 -0000 1.172 --- src/backend/libpq/hba.c 20 Nov 2008 03:56:47 -0000 *************** *** 846,852 **** --- 846,861 ---- else if (strcmp(token, "reject") == 0) parsedline->auth_method = uaReject; else if (strcmp(token, "md5") == 0) + { + if (Db_user_namespace) + { + ereport(LOG, + (errcode(ERRCODE_CONFIG_FILE_ERROR), + errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); + return false; + } parsedline->auth_method = uaMD5; + } else if (strcmp(token, "pam") == 0) #ifdef USE_PAM parsedline->auth_method = uaPAM;
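Review bot: In the src/backend/libpq/auth.c hunk, the new `if (Db_user_namespace)` guard under `case uaMD5:` has no comment saying why MD5 is refused, or why the check is repeated at connection time when the hba.c hunk already rejects `md5` at parse time. I would add above it `/* md5 salts the hash with the user name, which differs between client and server under db_user_namespace; rechecked here in case the setting changed after pg_hba.conf was loaded */`; the second half is my inference and should be confirmed against how the setting is reloaded. An `ereport(FATAL, ...)` at this point is presumably delivered to a client that has not yet authenticated, so the message tells it a server setting; confirm that is intended. The enclosing switch starts and ends outside the hunk.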
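Review bot: In the src/backend/libpq/hba.c hunk, the new `ereport(LOG, ...)` in the `md5` branch does not say which pg_hba.conf entry was rejected, so an administrator reading the log has to hunt through the file for every `md5` line. If the enclosing function has the entry's line number and the file name in scope (not visible in this hunk), attach them with an `errcontext(...)` call alongside the `errmsg(...)`, along the lines of `errcontext("line %d of configuration file \"%s\"", <line number>, <file name>)` using the function's own variables. Because `return false` makes the whole entry fail to load, it is also worth a one-line comment above the `if`, such as `/* md5 salts with the user name, which db_user_namespace changes on the server side */`. The if/else chain this branch belongs to begins and ends outside the hunk.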