Usual process also on installation is
cskeys on every node.
cspasswd on every node
mcsSetConfig CrossEngineSupport Password on every node
cskeys creates a key on /var/lib/columnstore/.secrets
cspasswd creates an encrypted passwordstring based on this key.
mcsSetConfig write the encrypted passwordstring to Columnstore.xml
This works properly,
but if a change was done on Columnstore.xml (usually on node 1),
the Columnstore.xml will be distributed to all nodes,
but not the key.
Afterwards we have the situation, that
keys ( /var/lib/columnstore/.secrets) are different on every node,
but encrypted passwordstring in Columnstore.xml are the same on all nodes, based on the key on node1.
If Columnstore distribute Columnstore.xml, it have also to distribute /var/lib/columnstore/.secrets (if any),
if Section:CrossEngineSupport Value:Password was changed in Columnstore.xml