From 08c2373aa58c0efb152a8335d85d0a18512d0f94 Mon Sep 17 00:00:00 2001 From: marco370 <48531002-marco370@users.noreply.replit.com> Date: Mon, 17 Nov 2025 16:28:10 +0000 Subject: [PATCH] Configure database user and password for secure access Updates PostgreSQL configuration to set password encryption to SCRAM-SHA-256, creates a new user 'ids_user' with the specified password, grants necessary privileges on the 'ids_database', and configures default privileges for future objects. Includes troubleshooting steps and log excerpts related to authentication failures. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: f8be77ab-2269-4666-9e56-9309e455e81c Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/c9ITWqD --- ...-SYSTEM-ro-1763396856799_1763396856799.txt | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt diff --git a/attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt b/attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt new file mode 100644 index 0000000..50fdff4 --- /dev/null +++ b/attached_assets/Pasted--sudo-u-postgres-psql-c-ALTER-SYSTEM-SET-password-encryption-scram-sha-256-ALTER-SYSTEM-ro-1763396856799_1763396856799.txt @@ -0,0 +1,36 @@ + sudo -u postgres psql -c "ALTER SYSTEM SET password_encryption = 'scram-sha-256';" +ALTER SYSTEM +[root@ids deployment]# systemctl restart postgresql +[root@ids deployment]# sudo -u postgres psql << EOF +DROP USER IF EXISTS ids_user; +CREATE USER ids_user WITH PASSWORD 'TestPassword123'; +GRANT ALL PRIVILEGES ON DATABASE ids_database TO ids_user; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ids_user; +GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ids_user; +ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ids_user; +ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ids_user; +EOF +ERROR: role "ids_user" cannot be dropped because some objects depend on it +DETAIL: privileges for database ids_database +ERROR: role "ids_user" already exists +GRANT +GRANT +GRANT +ALTER DEFAULT PRIVILEGES +ALTER DEFAULT PRIVILEGES +[root@ids deployment]# export PGPASSWORD="TestPassword123" +[root@ids deployment]# psql -h localhost -U ids_user -d ids_database -c "SELECT 1;" +psql: error: FATAL: password authentication failed for user "ids_user" +[root@ids deployment]# tail -30 /var/lib/pgsql/data/log/postgresql-*.log | grep -i "ids_user" +2025-11-17 17:21:00.789 CET [59154] FATAL: password authentication failed for user "ids_user" +2025-11-17 17:21:00.789 CET [59154] DETAIL: User "ids_user" does not have a valid SCRAM secret. +2025-11-17 17:22:28.055 CET [59160] FATAL: password authentication failed for user "ids_user" +2025-11-17 17:22:28.055 CET [59160] DETAIL: User "ids_user" does not have a valid SCRAM secret. +2025-11-17 17:23:42.513 CET [59171] FATAL: password authentication failed for user "ids_user" +2025-11-17 17:23:42.513 CET [59171] DETAIL: User "ids_user" does not have a valid SCRAM secret. +2025-11-17 17:26:40.293 CET [59224] ERROR: role "ids_user" cannot be dropped because some objects depend on it +2025-11-17 17:26:40.293 CET [59224] STATEMENT: DROP USER IF EXISTS ids_user; +2025-11-17 17:26:40.293 CET [59224] ERROR: role "ids_user" already exists +2025-11-17 17:26:40.293 CET [59224] STATEMENT: CREATE USER ids_user WITH PASSWORD 'TestPassword123'; +2025-11-17 17:27:06.520 CET [59226] FATAL: password authentication failed for user "ids_user" +2025-11-17 17:27:06.520 CET [59226] DETAIL: User "ids_user" does not have a valid SCRAM secret. \ No newline at end of file