diff --git a/community/dbms/src/main/java/org/neo4j/server/configuration/ConfigLoader.java b/community/dbms/src/main/java/org/neo4j/server/configuration/ConfigLoader.java
index 45de895d6bdd..9a9e0b77a7de 100644
--- a/community/dbms/src/main/java/org/neo4j/server/configuration/ConfigLoader.java
+++ b/community/dbms/src/main/java/org/neo4j/server/configuration/ConfigLoader.java
@@ -89,9 +89,5 @@ private Map toMap( Pair[] configOverrides )
 private static void overrideEmbeddedDefaults( Map config )
 {
 config.putIfAbsent( GraphDatabaseSettings.auth_enabled.name(), "true" );
-
- String dataDirectory = config.getOrDefault( data_directory.name(), data_directory.getDefaultValue() );
- config.putIfAbsent( GraphDatabaseSettings.auth_store.name(),
- new File( dataDirectory, "dbms/auth" ).toString() );
 }
 }
diff --git a/community/security/src/main/java/org/neo4j/commandline/admin/security/SetPasswordCommand.java b/community/security/src/main/java/org/neo4j/commandline/admin/security/SetPasswordCommand.java
index 215b120fd8e8..9146a75d669d 100644
--- a/community/security/src/main/java/org/neo4j/commandline/admin/security/SetPasswordCommand.java
+++ b/community/security/src/main/java/org/neo4j/commandline/admin/security/SetPasswordCommand.java
@@ -37,12 +37,12 @@
 import org.neo4j.logging.NullLogProvider;
 import org.neo4j.server.configuration.ConfigLoader;
 import org.neo4j.server.security.auth.BasicAuthManager;
+import org.neo4j.server.security.auth.BasicAuthManagerFactory;
 import org.neo4j.server.security.auth.BasicPasswordPolicy;
 import org.neo4j.server.security.auth.FileUserRepository;
 import org.neo4j.server.security.auth.PasswordPolicy;
 import static java.time.Clock.systemUTC;
-import static org.neo4j.dbms.DatabaseManagementSystemSettings.auth_store_directory;
 public class SetPasswordCommand implements AdminCommand
 {
@@ -102,9 +102,8 @@ public void execute( String[] args ) throws IncorrectUsage, CommandFailed
 try
 {
 Config config = loadNeo4jConfig( homeDir, configDir );
- File authDir = config.get( auth_store_directory );
- FileUserRepository userRepository =
- new FileUserRepository( new File( authDir, "auth" ).toPath(), NullLogProvider.getInstance() );
+ Path userStoreFile = BasicAuthManagerFactory.getUserStoreFile( config );
+ FileUserRepository userRepository = new FileUserRepository( userStoreFile, NullLogProvider.getInstance() );
 userRepository.start();
 PasswordPolicy passwordPolicy = new BasicPasswordPolicy();
 BasicAuthManager authManager = new BasicAuthManager( userRepository, passwordPolicy, systemUTC() );
diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java
index 2280244aa715..270cc4cb5284 100644
--- a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java
+++ b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java
@@ -19,6 +19,10 @@
 */
 package org.neo4j.server.security.auth;
+import java.io.File;
+import java.nio.file.Path;
+
+import org.neo4j.dbms.DatabaseManagementSystemSettings;
 import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.helpers.Service;
 import org.neo4j.kernel.api.security.AuthManager;
@@ -34,6 +38,23 @@
 @Service.Implementation( AuthManager.Factory.class )
 public class BasicAuthManagerFactory extends AuthManager.Factory
 {
+ private static final String USER_STORE_FILENAME = "auth";
+
+ public static Path getUserStoreFile( Config config )
+ {
+ // Resolve auth store file names
+ File authStoreDir = config.get( DatabaseManagementSystemSettings.auth_store_directory );
+
+ // Because it contains sensitive information there is a legacy setting to configure
+ // the location of the user store file that we still respect
+ File userStoreFile = config.get( GraphDatabaseSettings.auth_store );
+ if ( userStoreFile == null )
+ {
+ userStoreFile = new File( authStoreDir, USER_STORE_FILENAME );
+ }
+ return userStoreFile.toPath();
+ }
+
 public interface Dependencies
 {
 Config config();
@@ -54,8 +75,8 @@ public AuthManager newInstance( Config config, LogProvider logProvider )
 "configuration setting auth_enabled=false" );
 }
- final UserRepository userRepository =
- new FileUserRepository( config.get( GraphDatabaseSettings.auth_store ).toPath(), logProvider );
+ final Path userStoreFile = getUserStoreFile( config );
+ final UserRepository userRepository = new FileUserRepository( userStoreFile, logProvider );
 final PasswordPolicy passwordPolicy = new BasicPasswordPolicy();
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
index de402ddaf879..1400cee390b8 100644
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
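Review bot: `getUserStoreFile` in BasicAuthManagerFactory is now the single public entry point that decides where the credential file lives, but it has no Javadoc, and its first comment (`// Resolve auth store file names`) was carried over from the enterprise factory and no longer describes what the method does. I would add a Javadoc stating the precedence the code implements: the legacy `GraphDatabaseSettings.auth_store` value wins when it is set, otherwise the file is `auth` under `auth_store_directory`. `authStoreDir` is also read before it is known to be needed; moving `File authStoreDir = config.get( DatabaseManagementSystemSettings.auth_store_directory );` inside the `if ( userStoreFile == null )` block keeps the fallback in one place. The fallback only runs if `auth_store` has no default of its own, which is not visible in this diff, so that is worth confirming against the setting's declaration.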
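Review bot: In `newInstance` of BasicAuthManagerFactory the resolved `userStoreFile` can now come from either of two settings, and nothing on the visible lines records which one was used. Since this file holds the credentials the server authenticates against, one startup line such as `logProvider.getLog( getClass() ).info( "Using user store file " + userStoreFile );` would let an operator notice a stale legacy `auth_store` entry that points the server and SetPasswordCommand at an unexpected file. The body of `newInstance` continues outside the hunk, so equivalent logging may already exist further down.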
@@ -22,11 +22,11 @@
 import org.apache.shiro.realm.Realm;
 import java.io.File;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
 import org.neo4j.dbms.DatabaseManagementSystemSettings;
-import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.helpers.Service;
 import org.neo4j.kernel.api.security.AuthManager;
 import org.neo4j.kernel.configuration.Config;
@@ -39,6 +39,7 @@
 import org.neo4j.server.security.auth.UserRepository;
 import static java.time.Clock.systemUTC;
+import static org.neo4j.server.security.auth.BasicAuthManagerFactory.*;
 /**
 * Wraps EnterpriseAuthManager and exposes it as a Service
@@ -46,7 +47,6 @@
 @Service.Implementation( AuthManager.Factory.class )
 public class EnterpriseAuthManagerFactory extends AuthManager.Factory
 {
- private static final String USER_STORE_FILENAME = "auth";
 private static final String ROLE_STORE_FILENAME = "roles";
 public EnterpriseAuthManagerFactory()
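Review bot: The import added in the `@@ -39,6 +39,7 @@` hunk of EnterpriseAuthManagerFactory, `import static org.neo4j.server.security.auth.BasicAuthManagerFactory.*;`, is a wildcard for what appears to be a single use, `getUserStoreFile`. An explicit `import static org.neo4j.server.security.auth.BasicAuthManagerFactory.getUserStoreFile;` keeps it obvious where the user-store path is resolved. It also avoids silently picking up any accessible static member added to that class later.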
@@ -83,22 +83,14 @@ public AuthManager newInstance( Config config, LogProvider logProvider )
 return new MultiRealmAuthManager( internalRealm, realms );
 }
- private InternalFlatFileRealm createInternalRealm( Config config, LogProvider logProvider )
+ private static InternalFlatFileRealm createInternalRealm( Config config, LogProvider logProvider )
 {
- // Resolve auth store file names
+ // Resolve auth store and roles file names
+ Path userStoreFile = getUserStoreFile( config );
 File authStoreDir = config.get( DatabaseManagementSystemSettings.auth_store_directory );
-
- // Because it contains sensitive information there is a legacy setting to configure
- // the location of the user store file that we still respect
- File userStoreFile = config.get( GraphDatabaseSettings.auth_store );
- if ( userStoreFile == null )
- {
- userStoreFile = new File( authStoreDir, USER_STORE_FILENAME );
- }
 File roleStoreFile = new File( authStoreDir, ROLE_STORE_FILENAME );
- final UserRepository userRepository =
- new FileUserRepository( userStoreFile.toPath(), logProvider );
+ final UserRepository userRepository = new FileUserRepository( userStoreFile, logProvider );
 final RoleRepository roleRepository = new FileRoleRepository( roleStoreFile.toPath(), logProvider );
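Review bot: `createInternalRealm` in EnterpriseAuthManagerFactory now takes the user file from `getUserStoreFile( config )` but still builds `roleStoreFile` directly under `auth_store_directory`, so with the legacy `auth_store` setting present the two files can sit in different directories. That matches the removed code, but the explanation went away with the deleted comment. A line such as `// user store may be relocated by the legacy auth_store setting; the roles file always lives in authStoreDir` above `File authStoreDir = ...` would keep this visible to whoever manages permissions and backups for these files. The method body continues past the end of the hunk.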