BUG #14333: Remote connections for members of role in pg_hba.conf

Lists: pgsql-bugs
From: brodgers3(at)oreillyauto(dot)com
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #14333: Remote connections for members of role in pg_hba.conf
Date: 2016-09-21 16:53:36
Message-ID: 20160921165336.1353.35389@wrigleys.postgresql.org

The following bug has been logged on the website:

Bug reference: 14333
Logged by: B. Rodgers
Email address: brodgers3(at)oreillyauto(dot)com
PostgreSQL version: 9.3.13
Operating system: Ubuntu 14.04.4 LTS
Description:

--- create a role "read_group" with permissions to connect and select on all objects

--- Similar, create new user to be managed by "read_group" permissions ---
CREATE ROLE myuser LOGIN CONNECTION LIMIT 5;
GRANT read_group TO myuser;

--- Verify user exists and is member of group "read_group" ---
mydb=> \dg myuser
                 List of roles
 Role name |  Attributes   |    Member of
-----------+---------------+------------------
 myuser    | 5 connections | {read_group}

--- pg_hba.conf entry intended to allow members of "read_group" to connect ---
host mydb +read_group 172.XX.YY.0/24 md5


--- Error received upon attempting remote connection ---
FATAL: no pg_hba.conf entry for host "172.XX.YY.ZZ", user "myuser", database "mydb", SSL off

Expected either valid connection or password error.

Looking to control arbitrarily large list of users with just a couple managed
roles such as "read" or "write" groups such that only the "read" and "write"
groups are specified in places like pg_hba.conf.


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: brodgers3(at)oreillyauto(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #14333: Remote connections for members of role in pg_hba.conf
Date: 2016-09-22 01:54:42
Message-ID: 23442.1474509282@sss.pgh.pa.us

brodgers3(at)oreillyauto(dot)com writes:
> --- Error received upon attempting remote connection ---
> FATAL: no pg_hba.conf entry for host "172.XX.YY.ZZ", user "myuser", database
> "mydb", SSL off
> Expected either valid connection or password error.

This example works for me (after suitable adjustment of the IP addresses).
Only theory that comes to mind offhand is that you forgot to tell the
postmaster to reload the pg_hba.conf file after you edited it (via pg_ctl
reload, SIGHUP, etc).

regards, tom lane
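
An added example (not part of the thread, and not PostgreSQL's own code): a simplified Python model of pg_hba.conf record matching, showing why an edited file that the postmaster has not yet reloaded still produces the "no pg_hba.conf entry" error even though the +read_group record is correct. The 172.16.5.x addresses, the 127.0.0.1 record and all function names are constructed for illustration; only "host" records with CIDR addresses are modelled.

```python
import ipaddress

# Constructed sample data; the thread redacts the real addresses as 172.XX.YY.
LOADED = "host all all 127.0.0.1/32 md5\n"                      # what the postmaster last read
ON_DISK = LOADED + "host mydb +read_group 172.16.5.0/24 md5\n"  # edited file, not yet reloaded
MEMBERS = {"myuser": ["read_group"]}                            # GRANT read_group TO myuser

def parse_hba(text):
    """Parse 'host' records with CIDR addresses (a subset of the real format)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "host":
            rules.append({"db": fields[1].split(","), "user": fields[2].split(","),
                          "net": ipaddress.ip_network(fields[3]), "method": fields[4]})
    return rules

def member_of(role, group, members):
    """True if role is group, or a direct or indirect member of it."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r == group:
            return True
        if r not in seen:
            seen.add(r)
            todo.extend(members.get(r, ()))
    return False

def match(rules, host, user, db, members):
    """Return the auth method of the first matching record, or None."""
    ip = ipaddress.ip_address(host)
    for r in rules:
        db_ok = "all" in r["db"] or db in r["db"]
        user_ok = any(u == "all" or u == user or
                      (u.startswith("+") and member_of(user, u[1:], members))
                      for u in r["user"])
        if db_ok and user_ok and ip in r["net"]:
            return r["method"]
    return None  # the server answers: FATAL: no pg_hba.conf entry for host ...

if __name__ == "__main__":
    for name, text in (("loaded", LOADED), ("on disk", ON_DISK)):
        print(name, "->", match(parse_hba(text), "172.16.5.20", "myuser", "mydb", MEMBERS))
```
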