Currently it is required to configure an engine ID used to hash the auth/privacy key. This mechanism only works when it is repeatedly hased with the global system engineid, which makes the user engineid redundant.
We should have a confg migration script which deletes the users engineid from the running config.