I just hit this, which at least violated my sense of least astonishment,
if it's not an outright bug:
After creating a role foo, I added to following lines to my (9.0)
pg_hba.conf:
local all +foo reject host all +foo 0.0.0.0/0 reject
The surprising (to me) consequence was that every superuser was locked
out of the system. I had not granted them (or anyone) the role, but
nevertheless these lines took effect.
If this is intended, it should at least be documented. But if it is
intended then it's ugly anyway, IMNSHO, and we should change it.
cheers
andrew