Let’s suppose a disaster happened and the credentials (e.g. root, administrator) are all stored on PAM. To avoid any dependency of someone knowing each credential, it would be good to have a way to obtain them from PAM, extracting them to a text file for example using a kind of “master key”.
With this list of credentials, a Windows and Linux admins can logon directly on each system and recover properly each system.
I understand that after the disaster, as the credentials were uncovered and other people know them, PAM admin would need to change them on PAM according to the new credential value for each system. Or maybe PAM could find a way to go directly on each server and then change automatically the root/admin passwords to a new one.