Why the User Name for Primary and Backup DSNs must be different for strong auth and risk auth databases

Document ID : KB000115725
Last Modified Date : 25/09/2018
Introduction:

This document explains why we recommend using different user names for the primary and secondary databases, and how the user names and passwords are stored in the securestore.enc file.

Question:
Why does CA recommend using different user names for the primary and secondary databases when configuring the database for the Strong Authentication server and the Risk Authentication server?
Environment:
Products
• CA Risk Authentication
• CA Strong Authentication
Releases
• CA Risk Authentication: Release 7.x, 8.x, 9.x
• CA Strong Authentication: Release 7.x, 8.x, 9.x
Components
• RiskMinder (Arcot RiskFort): RSKFRT, WEBFRT
 
Answer:
While configuring the databases for the Advanced Authentication servers, we are prompted to enter the database details. It is recommended to use different user names for the primary and secondary databases at this point. The master key and the details required to establish a connection to the database are stored in securestore.enc. These details include the DSN name, the user name and the database password. They are stored as key-value pairs: the DSN name is a key with the database password as its value, and likewise the user name is a key with the database password as its value.

At startup, the Advanced Authentication servers read the securestore.enc file to get the user details and password, and then establish a connection to the database.
So, if the primary and secondary databases have the same user name, it is not possible to store two sets of user names and passwords under the same key, i.e. the user name.

However, if both the user name and the password are the same for the primary and secondary databases, there is no issue with using the same user name.
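
The key collision described above can be checked before the database details are entered. The following is an added example, not CA code: it does not read or write securestore.enc and only models the key-value layout as this article describes it. The names `DsnConfig`, `build_entries` and `find_key_conflicts`, the exact-match treatment of keys, and all sample values are assumptions made for illustration.

```python
import hmac
from typing import NamedTuple


class DsnConfig(NamedTuple):
    dsn: str
    username: str
    password: str


def build_entries(cfg: DsnConfig):
    # Layout as described in the article: the DSN name and the user name
    # are each a key, and the database password is the value for both.
    return [(cfg.dsn, cfg.password), (cfg.username, cfg.password)]


def find_key_conflicts(primary: DsnConfig, backup: DsnConfig):
    """Return the keys that would have to hold two different passwords."""
    store = {}
    conflicts = []
    for cfg in (primary, backup):
        for key, secret in build_entries(cfg):
            if key not in store:
                store[key] = secret
            # Constant-time comparison so the check itself does not leak
            # how much of the two secrets matches.
            elif not hmac.compare_digest(store[key].encode(), secret.encode()):
                if key not in conflicts:
                    conflicts.append(key)
    return conflicts


# Constructed sample values, not taken from any real deployment.
PRIMARY = DsnConfig("AADB_PRIMARY", "aa_app", "constructed-pw-1")
BACKUP_SAME_USER = DsnConfig("AADB_BACKUP", "aa_app", "constructed-pw-2")
BACKUP_SAME_CREDS = DsnConfig("AADB_BACKUP", "aa_app", "constructed-pw-1")
BACKUP_OTHER_USER = DsnConfig("AADB_BACKUP", "aa_app_bkp", "constructed-pw-2")

if __name__ == "__main__":
    for backup in (BACKUP_SAME_USER, BACKUP_SAME_CREDS, BACKUP_OTHER_USER):
        clashes = find_key_conflicts(PRIMARY, backup)
        verdict = "conflict on " + ", ".join(clashes) if clashes else "ok"
        print(f"{backup.username:<12} -> {verdict}")
```

A non-empty result means one key would need two different passwords, which is the case the article recommends avoiding by giving the backup DSN its own user name.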