MS SQLServer compound accounts not working in Password Authority
book
Article ID: 131840
calendar_today
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)PAM SAFENET LUNA HSMCA Privileged Access Manager (PAM)
Issue/Introduction
Using the compound account feature for a MSSQL database account, the account is verified on both servers but the actual password verified field shows “unverified”.
The instructions to set up a compound account are to use one server as the main server, and add additional servers as compound servers.
Cause
Compound account rotation does not work in Password Authority for MSSQL target accounts, when set up according to the documentation.
Environment
Password Authority 4.5.3.10
Resolution
There is a work around: Use a dummy server as the host and list all the real servers in the section for compound account servers. The dummy server does not have to exist anywhere, it is simply used as the main server for the MSSQL application. See the attached Word document for screenshots of the setup.
Additional Information
Note there is only one place to specify the port, on the target application page. The default port is 1433. This work around assumes that each target database server is reached through the same port. It is an enhancement request to allow different ports for different targets listed in the compound server section.