Index: doc/src/sgml/config.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/config.sgml,v
retrieving revision 1.195
diff -c -c -r1.195 config.sgml
*** doc/src/sgml/config.sgml	11 Nov 2008 02:42:31 -0000	1.195
--- doc/src/sgml/config.sgml	11 Nov 2008 18:49:05 -0000
***************
*** 706,711 ****
--- 706,720 ----
          before the user name is looked up by the server.
         </para>
  
+        <para>
+         Keep in mind all authentication checks are done with
+         the server's representation of the user name, not the client's.
+         Because of this, <literal>MD5</> authentication will not work
+         when <literal>db_user_namespace</> is enabled because the
+         client and server have different representations of the user
+         name.
+        </para>
+ 
         <note>
          <para>
           This feature is intended as a temporary measure until a
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.170
diff -c -c -r1.170 auth.c
*** src/backend/libpq/auth.c	28 Oct 2008 12:10:43 -0000	1.170
--- src/backend/libpq/auth.c	11 Nov 2008 18:49:06 -0000
***************
*** 368,373 ****
--- 368,377 ----
  			break;
  
  		case uaMD5:
+ 			if (Db_user_namespace)
+ 				ereport(FATAL,
+ 						(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+ 						 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
  			sendAuthRequest(port, AUTH_REQ_MD5);
  			status = recv_and_check_password_packet(port);
  			break;
Index: src/backend/libpq/hba.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/hba.c,v
retrieving revision 1.172
diff -c -c -r1.172 hba.c
*** src/backend/libpq/hba.c	28 Oct 2008 12:10:43 -0000	1.172
--- src/backend/libpq/hba.c	11 Nov 2008 18:49:06 -0000
***************
*** 846,852 ****
--- 846,861 ----
  	else if (strcmp(token, "reject") == 0)
  		parsedline->auth_method = uaReject;
  	else if (strcmp(token, "md5") == 0)
+ 	{
+ 		if (Db_user_namespace)
+ 		{
+ 			ereport(LOG,
+ 					(errcode(ERRCODE_CONFIG_FILE_ERROR),
+ 					 errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
+ 			return false;
+ 		}
  		parsedline->auth_method = uaMD5;
+ 	}
  	else if (strcmp(token, "pam") == 0)
  #ifdef USE_PAM
  		parsedline->auth_method = uaPAM;