Cybersecurity

Is it possible, either by software solution or configuration, to provision a single user account that has different passwords depending on what group of servers it is attempting to connect to?

We have a dev, sit, uat, and production environment. They want to be able to set passwords in dev for specific users, differently than they would be in production... This is a service account used by applications only. My initial suggestion was to create service accounts locally, and provision the access to users via sudo. That solution isn't gaining much traction yet, so any idea would be appreciated. Thanks in advance.

Give each of your four environments its own set of LDAP servers. In this day of virtual servers it's not that expensive.

Appreciate the feedback. That has definitely been considered, but apparently also gunned down as not "cost effective". I my initial plan is what I need to stick with. I just need to convince the management this is the better approach. I suspect that if I draft out the cost of 4 LDAP servers and the time required to manage those servers will be a compelling argument... or maybe if they really want it, they'll pony up the cash.