PAM core design is to allow users to checkout only one credential per resource but we would like to have it that a user can check out multiple credentials per each resource.
Also we would like to be able to view the list of credentials which are available for check out.
I was pointed here through a support request, and this idea is close enough for me to add on to it:
My scenario requires me to assign specific credentials to specific framework users.
The goal is to enforce credential checkouts for Active Directory admin accounts through PAM, so we can make sure passwords are randomized upon check-in.
Unfortunately, all of these admin accounts belong specific people due to different requirements in privileges. That is why I can not simply adjust the privileges of these accounts so they end up interchangeable.