#+title: PostgreSQL
#+setupfile: ../org-templates/page.org

** Change password for user
#+begin_src shell
sudo -u user_name psql db_name
#+end_src

#+begin_src sql
ALTER USER user_name WITH PASSWORD 'new_password';
#+end_src

** Update password auth method to SCRAM
Edit ~/etc/postgresql/16/main/postgresql.conf~:
#+BEGIN_SRC shell
password_encryption = scram-sha-256
#+END_SRC

Restart postgresql.service:
#+BEGIN_SRC shell
sudo systemctl restart postgresql.service
#+END_SRC

At this point, any services using the old MD5 auth method will fail to connect to their PostgreSQL databases.

Update the settings in ~/etc/postgresql/16/main/pg_hba.conf~:
#+BEGIN_SRC shell
TYPE    DATABASE        USER            ADDRESS         METHOD
local   all             mastodon                        scram-sha-256
local   all             synapse_user                    scram-sha-256
#+END_SRC

Enter a psql shell and determine who needs to upgrade their auth method:
#+BEGIN_SRC sql
SELECT rolname, rolpassword ~ '^SCRAM-SHA-256\$' AS has_upgraded FROM pg_authid WHERE rolcanlogin;

\password username
#+END_SRC

Restart postgresql.service and all services using a PostgreSQL database:
#+BEGIN_SRC shell
sudo systemctl restart postgresql.service
sudo systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
sudo systemctl restart matrix-synapse.service
#+END_SRC