MS SQLServer compound accounts not working in Password Authority

book

Article ID: 131840

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

Using the  compound account feature for a MSSQL database account, the account is verified on both servers but the actual password verified field shows “unverified”. 

The instructions to set up a compound account are to use one server as the main server, and add additional servers as compound servers. 

Cause

Compound account rotation does not work in Password Authority for MSSQL target accounts, when set up according to the documentation. 

Environment

Password Authority 4.5.3.10

Resolution

There is a work around: Use a dummy server as the host and list all the real servers in the section for compound account servers. 
The dummy server does not have to exist anywhere, it is simply used as the main server for the MSSQL application. 
See the attached Word document for screenshots of the setup.

Additional Information

Note there is only one place to specify the port, on the target application page.   The default port is 1433. 
This work around assumes that each target database server is reached through the same port.
It is an enhancement request to allow different ports for different targets listed in the compound server section.

Attachments

1558537219132MSSQL_compound_accounts.docx get_app