We're encountering a new challenge where our KDC/AD administrators have observed that IBM Kerberos principal account passwords are not being regularly changed. To address this, we intend to utilize commands such as CHGKRBPWD, RMVKRBKTE, and ADDKRBKTE and store encrypted passwords somwhere onto IFS. However, it's possible that someone has already implemented a similar solution and would be willing to share it, preferably utilizing Ansible.
Would anyone who has experience with this be willing to provide guidance or share their implementation?
I've checked IBM LAB Security Services offering and I did not find any tool available.
------------------------------
Krzysztof Jarzynski
------------------------------