Rotating stored passwords
The crotatepasswd command rotates the password for the specified account from Privileged Access Service. The account can be a system, domain, or database account.
-
If you execute crotatepasswd specifying the -f option, it ignores any password checkouts and force a password rotation.
-
To run the crotatepasswd command, you must be logged in as root and the computer where you run crotatepasswd must be registered in Privileged Access Service and the Application-to-Application Password Management feature must be enabled.
-
As a suggestion, during downtime, have a script execute crotatepasswd. If crotatepasswd succeeds, have the script then call cgetaccount to get the freshly-rotated password.
-
You can force a password rotation for the account "user" on "DOMAIN1" and ignore any password checkouts by running a command such as: crotatepasswd -T domain -f DOMAIN1/user.