Steps to configure sesu With Password Authentication
search cancel

Steps to configure sesu With Password Authentication

book

Article ID: 233797

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

On an endpoint, sesu has been configured to replace su. However, when sesu is called, it does not ask for a password.

Environment

Privileged Identity Manager 12.8 SP1
PAM Server Control 14.0, 14.1.x

Resolution

There are two tokens in seos.ini that determine if sesu requests a password. The token request_target_password will have sesu ask for the target user's password while the token UseInvokerPassword will have sesu ask for the invoking user's password when called.

If the invoking user's password is required:
1- Stop PIM/PAMSC daemons.
2- Use the following seini command to set the token.
# seini -s sesu.UseInvokerPassword yes
3- Start the daemons again.

If the target user's password is required:
1- Stop PIM/PAMSC daemons.
2- Use the following seini commands to set the tokens. The token old_sesu must be set to no in order for request_target_password to take effect.
# seini -s sesu.old_sesu no
# seini -s sesu.request_target_password no
3- Start PIM/PAMSC daemons.