
PAMSC PIM v12.81 on Sun 11.3 fails to authenticate LDAP user in sesu session


Article ID: 143188


Updated On:

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

LDAP users cannot switch (sesu) to a functional ID, while local users can.

Please take a look at user bob trying to switch to functional ID bob2.

I am attaching log extracts as well as a support tarball for the server.

 

[[email protected]_DEV ~]#uname -a

SunOS xxxxxxx 5.11 11.3 sun4v sparc sun4v

[[email protected]_DEV ~]#issec

CA ControlMinder version 12.8 installed in /opt/seos

VeRsIoN: 12.81-0 (3476) Compiled On:Jun 22 2019 03:08:51 _SOLARIS211.SUN4V  STOP 30034

CA ControlMinder kernel extension is loaded.

CA ControlMinder security daemon is running, pid=21957 (security)

CA ControlMinder watchdog daemon is running, pid=21969 (watchdog)

CA ControlMinder agent daemon is running, pid=21961 (agent)

CA ControlMinder serevu daemon is not running.

CA ControlMinder selogrd daemon is not running.

CA ControlMinder selogrcd daemon is not running.

CA ControlMinder eacws daemon is not running.

CA ControlMinder ReportAgent daemon is not running.

CA ControlMinder AgentManager daemon is not running.

CA ControlMinder policyfetcher daemon is not running.

CA ControlMinder KBLAudMgr daemon is not running.

CA ControlMinder auxiliary daemon is not running.

 

Environment

Release : 12.8

Component : CA ControlMinder

Resolution

It was found that /var/ldap/cert8.db and /var/ldap/key3.db did not have read permissions for other.
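
A check for the condition described in the Resolution, added here as an example and not taken from the original article or from the vendor's tooling. The function names and the extra check on the containing directory's search bit are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks the mode bits on the two files named in the Resolution.
# Function names and the parent-directory check are assumptions of this example.

# other_can_read FILE
#   0 = FILE has the other-read bit and its directory has the other-search bit
#   1 = one of those bits is missing
#   2 = FILE does not exist
# Mode bits are inspected with find -perm rather than `test -r`, because
# `test -r` run as root succeeds regardless of the file's mode.
other_can_read() {
    f=$1
    [ -e "$f" ] || return 2
    # find prints the path only when the other-read bit (0004) is set
    [ -n "$(find -L "$f" -prune -perm -0004 2>/dev/null)" ] || return 1
    d=$(dirname "$f")
    # the containing directory needs other-search (0001) to reach the file
    [ -n "$(find -L "$d" -prune -perm -0001 2>/dev/null)" ] || return 1
    return 0
}

# audit_ldap_dbs [DIR]
#   Prints one line per database and returns 1 if any check fails.
audit_ldap_dbs() {
    dir=${1:-/var/ldap}
    rc=0
    for db in cert8.db key3.db; do
        if other_can_read "$dir/$db"; then
            echo "OK    $dir/$db"
        else
            echo "FAIL  $dir/$db: $(ls -ld "$dir/$db" 2>&1)"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and call `audit_ldap_dbs` with no argument to check /var/ldap; a FAIL line includes the `ls -ld` output so the current mode and owner are visible.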