Root user might have password policy attached forcing periodic password rotation (password_expires_at attribute). It would be cool to respect it and do automatic password rotation when expiration is close. Few options:
a) on every usage of the root account analyze attribute (danger of missing time)
b) on any usage read the prop and remember it (to "schedule" pwd rotation) (danger of getting unsynced to the actual password_expires_at)
c) once pwd expired rotate it (danger of getting locked and requiring other user to force unlock)
I personally prefer option a)
time to expiration (when pwd should be rotated) should be configurable
Root user might have password policy attached forcing periodic password rotation (password_expires_at attribute). It would be cool to respect it and do automatic password rotation when expiration is close. Few options:
a) on every usage of the root account analyze attribute (danger of missing time) b) on any usage read the prop and remember it (to "schedule" pwd rotation) (danger of getting unsynced to the actual password_expires_at) c) once pwd expired rotate it (danger of getting locked and requiring other user to force unlock)
I personally prefer option a)
time to expiration (when pwd should be rotated) should be configurable