diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml
index 2c24fd9c139630c74a28971d0fd10b36aca5c49b..b1ec461f53ef19b8d11e9f2611272e58f46f3494 100644
--- a/doc/src/sgml/high-availability.sgml
+++ b/doc/src/sgml/high-availability.sgml
@@ -805,9 +805,9 @@ archive_cleanup_command = 'pg_archivecleanup /path/to/archive %r'
     <note>
      <para>
       It is recommended that a dedicated user account is used for replication.
-      While it is possible to add  the <literal>REPLICATION</> privilege to
-      a superuser account for the purporses of replication, this is not
-      recommended. While <literal>REPLICATION</> privilege gives very high
+      While the <literal>REPLICATION</> privilege is granted to superuser
+      accounts by default, it is not recommended to use superuser accounts
+      for replication. While <literal>REPLICATION</> privilege gives very high
       permissions, it does not allow the user to modify any data on the
       primary system, which the <literal>SUPERUSER</> privilege does.
      </para>
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 7cc7f149fdc9d478e55bbafa198ec21d4f0e322f..43bec5d8e134c26786a4029ddce745f81d0f51f3 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -185,7 +185,8 @@ CREATE ROLE <replaceable class="PARAMETER">name</replaceable> [ [ WITH ] <replac
         A role having the <literal>REPLICATION</> attribute is a very
         highly privileged role, and should only be used on roles actually
         used for replication. If not specified,
-        <literal>NOREPLICATION</literal> is the default.
+        <literal>NOREPLICATION</literal> is the default for all roles except
+        superusers.
        </para>
       </listitem>
      </varlistentry>
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 08b3fb7dc4289f4b6837cfe254a7dd0a5f43be30..2830aec49ca7b6c251a0cabd0cfc819d1235df29 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -175,7 +175,11 @@ CREATE USER <replaceable>name</replaceable>;
         to do most of your work as a role that is not a superuser.
         To create a new database superuser, use <literal>CREATE ROLE
         <replaceable>name</replaceable> SUPERUSER</literal>.  You must do
-        this as a role that is already a superuser.
+        this as a role that is already a superuser. Creating a superuser
+        will by default also grant permissions to initiate streaming
+        replication. For increased security this can be disallowed using
+        <literal>CREATE ROLE <replaceable>name</replaceable> SUPERUSER
+        NOREPLICATION</literal>.
        </para>
       </listitem>
      </varlistentry>
@@ -214,9 +218,8 @@ CREATE USER <replaceable>name</replaceable>;
       <listitem>
        <para>
         A role must explicitly be given permission to initiate streaming
-        replication (superusers do not bypass this check). A role used
-        for streaming replication must always have <literal>LOGIN</>
-        permission as well. To create such a role, use
+        replication. A role used for streaming replication must always
+        have <literal>LOGIN</> permission as well. To create such a role, use
         <literal>CREATE ROLE <replaceable>name</replaceable> REPLICATION
         LOGIN</literal>.
        </para>
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 9e505b7525f88f695b46fab22955b5fd18a40937..be049cb99455fb6af54334fd7d427981f8316ec1 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -248,7 +248,15 @@ CreateRole(CreateRoleStmt *stmt)
 	if (dpassword && dpassword->arg)
 		password = strVal(dpassword->arg);
 	if (dissuper)
+	{
 		issuper = intVal(dissuper->arg) != 0;
+		/*
+		 * Superusers get replication by default, but only if
+		 * NOREPLICATION wasn't explicitly mentioned
+		 */
+		if (!(disreplication && intVal(disreplication->arg) == 0))
+			isreplication = 1;
+	}
 	if (dinherit)
 		inherit = intVal(dinherit->arg) != 0;
 	if (dcreaterole)
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 2daf9f80ef409bbd48f3ab2968f2b014d4959e1b..3f5ef242ed2abdc6ebf8b6143647979cb8a41bb1 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
  */
 
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	201101031
+#define CATALOG_VERSION_NO	201101051
 
 #endif
diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h
index 7eee4cb5cbc20bd0fdf32826c095395039b60077..0c5ae443a0d2818dd11406234a11606cdf1de271 100644
--- a/src/include/catalog/pg_authid.h
+++ b/src/include/catalog/pg_authid.h
@@ -93,7 +93,7 @@ typedef FormData_pg_authid *Form_pg_authid;
  * user choices.
  * ----------------
  */
-DATA(insert OID = 10 ( "POSTGRES" t t t t t t f -1 _null_ _null_ ));
+DATA(insert OID = 10 ( "POSTGRES" t t t t t t t -1 _null_ _null_ ));
 
 #define BOOTSTRAP_SUPERUSERID 10