Hello!
How do you manage your functional accounts - domain as well as local ?
Domain:
I think it will be easier to manage and enable auto-rotation at more frequent intervals. I think we have to be careful about the managed account rotation while scheduling this. Are there any other risks to availability ?
Local functional account:
This is tricky. e.g. for linux systems we will have a localfa added to Passwordsafe. Its initial password remains constant in passwordsafe - so that it can onboard new systems. What would happen if we enable rotation on it ? The initial password of functional account will remain same so that it can onboard other machines but on existing machines , each system will have its own password for localfa and that same password will be used to rotate its password on schedule? What are the possible risks to Availability in this case ? Is