We have many Mikrotiks, we have several administrators. Administrators can come and go, and I'd prefer to not share the passwords between devices between everyone if possible.
Radius authentication is not actually practical, because usually when we are admining the device it has some issue... needs a reboot, or is CPU maxing etc, or perhaps is having some type of issue that might affect its ability to do Radius auth.
Iows, I want to replicate /users on a daily basis to all my devices for a list of users, and anything not in my "leave" list, delete.
So whats another practical way to replicate users to our devices to the local database users?
We could have a "unique" password per device to the dude to use, and we could have another password that is device specific (both keyed in by a particular "trusted" user), and the rest updated daily?
I already have a custom app that connects on a daily basis to these boxes via SSH from the outside world, but looking for any other perspectives out there.