Information on sischeckpwd utility.
The file "sischeckpwd" has the UID Bit set and the user sisips can run this binary with root permissions:
/opt/Symantec/sdcssagent/IPS/bin/sischeckpwd -rwsr-x--x 1 root sisips
The sischeckpwd tool uses system library “libpam.so” - Pluggable Authentication Modules (PAM) to authenticate a user. This is a system library which we integrated in sischeckpwd tool. The PAM module itself is asking the password and validating it. It is an independent application to check user authentication. This is the reason why the tool must be run with root permission. The sischeckpwd is also used by sisipsoverride tool in order to disable the prevention temporarily.