diff --git a/configure b/configure
new file mode 100755
index 7c0bd0c..bd80b46
*** a/configure
--- b/configure
*************** with_tcl
*** 824,829 ****
--- 824,831 ----
with_tclconfig
with_perl
with_python
+ with_trust_auth
+ with_ident_auth
with_gssapi
with_krb_srvnam
with_pam
*************** Optional Packages:
*** 1511,1516 ****
--- 1513,1520 ----
--with-tclconfig=DIR tclConfig.sh is in DIR
--with-perl build Perl modules (PL/Perl)
--with-python build Python modules (PL/Python)
+ --without-trust-auth build with trust authentication support
+ --without-ident-auth build with ident authentication support
--with-gssapi build with GSSAPI support
--with-krb-srvnam=NAME default service principal name in Kerberos (GSSAPI)
[postgres]
*************** $as_echo "$with_python" >&6; }
*** 5414,5419 ****
--- 5418,5505 ----
#
+ # Enable Trust authentication
+ #
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with trust authentication support" >&5
+ $as_echo_n "checking whether to build with trust authentication support... " >&6; }
+
+
+
+ # Check whether --with-trust-auth was given.
+ if test "${with_trust_auth+set}" = set; then :
+ withval=$with_trust_auth;
+ case $withval in
+ yes)
+
+
+ $as_echo "#define WITH_TRUST 1" >>confdefs.h
+
+
+ ;;
+ no)
+ :
+ ;;
+ *)
+ as_fn_error $? "no argument expected for --with-trust-auth option" "$LINENO" 5
+ ;;
+ esac
+
+ else
+ with_trust_auth=yes
+
+
+ $as_echo "#define WITH_TRUST 1" >>confdefs.h
+
+
+ fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_trust_auth" >&5
+ $as_echo "$with_trust_auth" >&6; }
+
+ #
+ # Enable Ident authentication
+ #
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with ident authentication support" >&5
+ $as_echo_n "checking whether to build with ident authentication support... " >&6; }
+
+
+
+ # Check whether --with-ident-auth was given.
+ if test "${with_ident_auth+set}" = set; then :
+ withval=$with_ident_auth;
+ case $withval in
+ yes)
+
+
+ $as_echo "#define WITH_IDENT 1" >>confdefs.h
+
+
+ ;;
+ no)
+ :
+ ;;
+ *)
+ as_fn_error $? "no argument expected for --with-ident-auth option" "$LINENO" 5
+ ;;
+ esac
+
+ else
+ with_ident_auth=yes
+
+
+ $as_echo "#define WITH_IDENT 1" >>confdefs.h
+
+
+ fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_ident_auth" >&5
+ $as_echo "$with_ident_auth" >&6; }
+
+ #
# GSSAPI
#
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with GSSAPI support" >&5
diff --git a/configure.in b/configure.in
new file mode 100644
index 1cd9e1e..a823571
*** a/configure.in
--- b/configure.in
*************** AC_MSG_RESULT([$with_python])
*** 626,631 ****
--- 626,653 ----
AC_SUBST(with_python)
#
+ # Enable Trust authentication
+ #
+
+ AC_MSG_CHECKING([whether to build with trust authentication support])
+ PGAC_ARG_BOOL(with, trust-auth, yes, [build with trust authentication support],
+ [
+ AC_DEFINE(WITH_TRUST, 1, [Define to build with trust authentication support. (--without-trust-auth)])
+ ])
+ AC_MSG_RESULT([$with_trust_auth])
+
+ #
+ # Enable Ident authentication
+ #
+
+ AC_MSG_CHECKING([whether to build with ident authentication support])
+ PGAC_ARG_BOOL(with, ident-auth, yes, [build with ident authentication support],
+ [
+ AC_DEFINE(WITH_IDENT, 1, [Define to build with ident authentication support. (--without-ident-auth)])
+ ])
+ AC_MSG_RESULT([$with_ident_auth])
+
+ #
# GSSAPI
#
AC_MSG_CHECKING([whether to build with GSSAPI support])
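Review bot: The help strings passed to `PGAC_ARG_BOOL` for `trust-auth` and `ident-auth` say the opposite of what the switch does. Because the default is `yes`, `configure --help` prints `--without-trust-auth build with trust authentication support`, as the generated configure hunk shows. Use `[build without trust authentication support]` and `[build without ident authentication support]` instead. The `AC_DEFINE` descriptions here also differ from the comments added to pg_config.h.in, which suggests that header was edited by hand rather than regenerated with autoheader. A short comment above the two blocks would help packagers: `# Both default to yes; --without-trust-auth / --without-ident-auth remove the method at build time.`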
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
new file mode 100644
index 4968e09..2a49283
*** a/doc/src/sgml/installation.sgml
--- b/doc/src/sgml/installation.sgml
*************** su - postgres
*** 757,762 ****
--- 757,786 ----
+
+
+
+ Build without support for trust authentication. Trust authentication
+ is useful on standalone systems but may lead to serious security
+ issues when not used properly. This switch disables the trust keyword
+ in the pg_hba.conf file.
+
+
+
+
+
+
+
+
+ Build without support for ident authentication. Ident authentication
+ is useful for some specific setups but may generally lead to serious security
+ issues when not used properly. This switch disables the ident keyword
+ in the pg_hba.conf file.
+
+
+
+
+
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
new file mode 100644
index a0f5396..33b5539
*** a/src/backend/libpq/hba.c
--- b/src/backend/libpq/hba.c
*************** parse_hba_line(List *line, int line_num,
*** 1150,1158 ****
--- 1150,1166 ----
unsupauth = NULL;
if (strcmp(token->string, "trust") == 0)
+ #ifdef WITH_TRUST
parsedline->auth_method = uaTrust;
+ #else
+ unsupauth = "trust";
+ #endif
else if (strcmp(token->string, "ident") == 0)
+ #ifdef WITH_IDENT
parsedline->auth_method = uaIdent;
+ #else
+ unsupauth = "ident";
+ #endif
else if (strcmp(token->string, "peer") == 0)
parsedline->auth_method = uaPeer;
else if (strcmp(token->string, "password") == 0)
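Review bot: The `#ifdef`/`#else` pairs are spliced into an unbraced `if`/`else if` chain, so the chain stays correct only while each preprocessor arm holds exactly one statement. Wrapping the `trust` and `ident` branches in braces would keep it safe to edit. A comment above the chain would explain why a documented keyword can end up in `unsupauth`: `/* trust and ident may be compiled out (--without-trust-auth, --without-ident-auth) */`. If code later in parse_hba_line, outside this hunk, still treats `ident` on `local` lines as peer, a build without ident would now reject such lines instead; that should be confirmed and documented. The function starts and ends outside the hunk.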
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
new file mode 100644
index 8694920..5541a9c
*** a/src/bin/initdb/initdb.c
--- b/src/bin/initdb/initdb.c
***************
*** 71,77 ****
/* Ideally this would be in a .h file, but it hardly seems worth the trouble */
extern const char *select_default_timezone(const char *share_path);
! static const char *auth_methods_host[] = {"trust", "reject", "md5", "password", "ident", "radius",
#ifdef ENABLE_GSS
"gss",
#endif
--- 71,85 ----
/* Ideally this would be in a .h file, but it hardly seems worth the trouble */
extern const char *select_default_timezone(const char *share_path);
! static const char *auth_methods_host[] = {
! #ifdef WITH_TRUST
! "trust",
! #endif
! "md5", "reject", "password",
! #ifdef WITH_IDENT
! "ident",
! #endif
! "radius",
#ifdef ENABLE_GSS
"gss",
#endif
*************** static const char *auth_methods_host[] =
*** 88,94 ****
"cert",
#endif
NULL};
! static const char *auth_methods_local[] = {"trust", "reject", "md5", "password", "peer", "radius",
#ifdef USE_PAM
"pam", "pam ",
#endif
--- 96,106 ----
"cert",
#endif
NULL};
! static const char *auth_methods_local[] = {
! #ifdef WITH_TRUST
! "trust",
! #endif
! "peer", "reject", "md5", "password", "radius",
#ifdef USE_PAM
"pam", "pam ",
#endif
*************** usage(const char *progname)
*** 2790,2803 ****
}
static void
! check_authmethod_unspecified(const char **authmethod)
{
if (*authmethod == NULL || strlen(*authmethod) == 0)
{
authwarning = _("\nWARNING: enabling \"trust\" authentication for local connections\n"
"You can change this by editing pg_hba.conf or using the option -A, or\n"
"--auth-local and --auth-host, the next time you run initdb.\n");
*authmethod = "trust";
}
}
--- 2802,2826 ----
}
static void
! check_authmethod_unspecified(const char **authmethod, const char *conntype)
{
if (*authmethod == NULL || strlen(*authmethod) == 0)
{
+ #ifdef WITH_TRUST
authwarning = _("\nWARNING: enabling \"trust\" authentication for local connections\n"
"You can change this by editing pg_hba.conf or using the option -A, or\n"
"--auth-local and --auth-host, the next time you run initdb.\n");
*authmethod = "trust";
+ #else
+ if (strcmp(conntype, "local") == 0) {
+ authwarning = _("\nWARNING: enabling \"peer\" authentication for local connections\n"
+ "You can change this by editing pg_hba.conf or using the option -A, or\n"
+ "--auth-local and --auth-host, the next time you run initdb.\n");
+ *authmethod = "peer";
+ } else {
+ *authmethod = "md5";
+ }
+ #endif
}
}
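Review bot: In the `#else` branch the host default becomes `md5` silently: `authwarning` is set only for `local`, and nothing in this hunk checks that a superuser password was supplied (`-W` / `--pwfile`). A default `initdb` on a no-trust build may therefore produce host lines that cannot be used until a password is set. That fails closed, which is the safe direction, but the operator should be told. Report the host default as well, noting that `authwarning` is a single variable, so the second call would overwrite the first message. The added `if (...) {` / `} else {` also departs from the brace-on-its-own-line layout used in the rest of this function. A comment on the new parameter would help too, e.g. `/* conntype: "local" or "host"; only consulted when trust is compiled out */`.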
*************** main(int argc, char *argv[])
*** 3586,3593 ****
exit(1);
}
! check_authmethod_unspecified(&authmethodlocal);
! check_authmethod_unspecified(&authmethodhost);
check_authmethod_valid(authmethodlocal, auth_methods_local, "local");
check_authmethod_valid(authmethodhost, auth_methods_host, "host");
--- 3609,3616 ----
exit(1);
}
! check_authmethod_unspecified(&authmethodlocal, "local");
! check_authmethod_unspecified(&authmethodhost, "host");
check_authmethod_valid(authmethodlocal, auth_methods_local, "local");
check_authmethod_valid(authmethodhost, auth_methods_host, "host");
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
new file mode 100644
index 5688f75..888d29b
*** a/src/include/pg_config.h.in
--- b/src/include/pg_config.h.in
***************
*** 51,56 ****
--- 51,62 ----
/* Define to build with GSSAPI support. (--with-gssapi) */
#undef ENABLE_GSS
+ /* Define to build with trust authentication turned on (default, --without-trust-auth to turn off) */
+ #undef WITH_TRUST
+
+ /* Define to build with ident authentication turned on (default, --without-ident-auth to turn off) */
+ #undef WITH_IDENT
+
/* Define to 1 if you want National Language Support. (--enable-nls) */
#undef ENABLE_NLS