Password for config and super is known to the PAM administrators and stored with them for emergency login purpose. Is there any recommendation from Broadcom on storing the super and config passwords so that it can be retrieved during emergency situation and without being known/stored locally by administrators?
Release : PAM
Component : All versions
Super account password can't be rotated internally in CA PAM. The reason is that if you are able to rotate the password for the super user and if there is a situation where you not able to connect with CA PAM with any other user accounts and need to login with 'super' then the password would not be known to any person.