Why is the encrypted admin password different for each policy server?

Article ID: 38261

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

 Introduction: 

The AdminPW for the policy store defined in the sm.registry is different between servers. However, they can all connect to the policy store. The value stored in the sm.registry file is encrypted with the encryption key entered at installation time, and that key should be the same for all servers that share a policy store.

Question: 

Why is the encrypted admin password different for each policy server?

Environment:  

Windows/Linux/Unix

Answer: 

If the encrypted value were the same on every server, it would be a security violation, because the hash values could be compared.

Encoding would just substitute one value for another; encrypting obfuscates the actual value so that it cannot be discovered.

Every policy server in the environment has the same encryption key. However, the hash value can look different.

This is because the values are encrypted and not encoded. The same applies to the admin directory password, "adminpassword".

If the password is the same, shouldn't the encrypted/hashed value be the same also? The answer to this is no. 

Before encryption, the key is prefixed with one block of random characters to avoid identical cipher-text when the same value is encrypted several times.
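The effect of the random prefix block described above, as an added example that is not SiteMinder's own code or algorithm. The 16-byte block size, the chained mode with an all-zero IV, the HMAC-SHA256 Feistel cipher (a stand-in that needs only the standard library), and every name and sample value are assumptions made for illustration.

```python
import hashlib, hmac, secrets

BLOCK = 16                                   # block size in bytes (assumed)
KEY = b"constructed-shared-encryption-key"   # constructed; same on every server
PASSWORD = "constructed-admin-password"      # constructed sample value

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):                        # Feistel round function (stand-in)
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def encrypt_value(key, plaintext, prefix=True):
    data = plaintext.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    # One random block in front: chaining carries its randomness into every later block.
    data = (secrets.token_bytes(BLOCK) if prefix else b"") + data
    prev, out = bytes(BLOCK), b""            # fixed all-zero IV
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out.hex()

def decrypt_value(key, stored, prefix=True):
    raw = bytes.fromhex(stored)
    prev, out = bytes(BLOCK), b""
    for i in range(0, len(raw), BLOCK):
        out += _xor(decrypt_block(key, raw[i:i + BLOCK]), prev)
        prev = raw[i:i + BLOCK]
    out = out[BLOCK:] if prefix else out     # discard the random block
    return out[:-out[-1]].decode()

def compare_servers(prefix):                 # -> (stored values equal, both decrypt)
    a, b = (encrypt_value(KEY, PASSWORD, prefix) for _ in range(2))
    ok = decrypt_value(KEY, a, prefix) == decrypt_value(KEY, b, prefix) == PASSWORD
    return a == b, ok
```

With the prefix, two servers holding the same key and password store different values that both decrypt correctly; without it, the stored values are identical and can be matched across servers.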

Additional Information:

None

Environment

Release:
Component: SMSSO