On an endpoint, sesu has been configured to replace su. However, when sesu is called, it does not ask for a password.
Privileged Identity Manager 12.8 SP1
PAM Server Control 14.0, 14.1.x
There are two tokens in seos.ini that determine if sesu requests a password. The token request_target_password will have sesu ask for the target user's password while the token UseInvokerPassword will have sesu ask for the invoking user's password when called.
If the invoking user's password is required:
1- Stop PIM/PAMSC daemons.
2- Use the following seini command to set the token.
# seini -s sesu.UseInvokerPassword yes
3- Start the daemons again.
If the target user's password is required:
1- Stop PIM/PAMSC daemons.
2- Use the following seini commands to set the tokens. The token old_sesu must be set to no in order for request_target_password to take effect.
# seini -s sesu.old_sesu no
# seini -s sesu.request_target_password no
3- Start PIM/PAMSC daemons.