authentication/privileges

Hi,

Although I'm quite happy with the way my system (Debian sid) has set up
the server (PosgreSQL 9.1), I'm not sure I'm using the
authentication/privilege mechanism properly.

In particular, I'd like to understand how the administrative user
(postgres) is set up.  Here is what pg_hba contains:

# Database administrative login by Unix domain socket
local   all             postgres                                peer

With peer authentication, one can only login as postgres from a local
connection.  I'm not sure what password the postgres user was set up in
the OS, however, I assigned one to it (the same as for the PostgreSQL
user).  I've read somewhere that the postgres OS user should be left
locked without password, although it's not clear what was meant by
"locked".  In any case, what is recommended practice WRT passwords for
setting Unix vs PostgreSQL passwords for postgres and other DB users?

Thanks,

--
Seb