diff --git a/README.md b/README.md
index 81f6263..0a39860 100644
--- a/README.md
+++ b/README.md
@@ -38,16 +38,23 @@ The directories (usually one, but can be multiple) where PostgreSQL's socket wil
 Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
 
 postgresql_hba_entries:
- - type: host # required; local, host, hostssl or hostnossl
- database: exampledb # required
- user: jdoe # required
- address: 192.0.2.0/24 # either this or ip_address / ip_mask are required unless type is 'local'
- ip_address: # alternative to 'address'
- ip_mask: # alternative to 'address'
- auth_method: # required
- auth_options: # optional
+ - { type: local, database: all, user: postgres, auth_method: peer }
+ - { type: local, database: all, user: all, auth_method: peer }
+ - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+ - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
 
-Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`.
+Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
+
+ - `type` (required)
+ - `database` (required)
+ - `user` (required)
+ - `address` (one of this or the following two are required)
+ - `ip_address`
+ - `ip_mask`
+ - `auth_method` (required)
+ - `auth_options` (optional)
+
+If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
 
 postgresql_locales:
 - 'en_US.UTF-8'
diff --git a/defaults/main.yml b/defaults/main.yml
index 3f59904..9a7dfa0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,12 +13,13 @@ postgresql_global_config_options:
 - option: unix_socket_directories
 value: '{{ postgresql_unix_socket_directories | join(",") }}'
 
-# Host based authentication (hba) entries to be added to the pg_hba.conf.
+# Host based authentication (hba) entries to be added to the pg_hba.conf. This
+# variable's defaults reflect the defaults that come with a fresh installation.
 postgresql_hba_entries:
- - type: local
- database: all
- user: all
- auth_method: trust
+ - { type: local, database: all, user: postgres, auth_method: peer }
+ - { type: local, database: all, user: all, auth_method: peer }
+ - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+ - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
 
 # Debian only. Used to generate the locales used by PostgreSQL databases.
 postgresql_locales:
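Review bot: The two new `host` entries for `127.0.0.1/32` and `::1/128` default to `auth_method: md5`, a salted-MD5 challenge that PostgreSQL has superseded with `scram-sha-256` (available from PostgreSQL 10). Because the new comment says the list mirrors a fresh installation, and the README still mentions very old server versions, keeping md5 may be deliberate. If so, say it next to the list, e.g. `# md5 matches the packaged pg_hba.conf; override with scram-sha-256 (and a matching password_encryption) on servers that support it.` The move from `trust` to `peer` on the `local` lines also means socket connections succeed only when the OS user name matches the database role. That presumably affects any task that connects over the socket as a different user, so it is worth noting in the same comment.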