Forum Discussion
Kai_Wilke
Jan 15, 2016MVP
Hi Nikolay,
If I where you, then I would turn the DB accounts into shadow accounts.
I would change the passwords of the DB to a value which is unknown to end users, but known by your APM (using datagroups or by using a strong and fixed password for every DB user). Then inject those DB credentials during APM logon into the session and use them whenever the user requests content from the application servers.
AD Account => APM Session => DB Account
By doing this the users would still login to your F5 using your AD credentials and every application. And they could change the AD password as usual and as often they want. But without the need for manual or automatic password replication...
Cheers, Kai