After logging in to a server protected with PAM SC and issuing
sesu -
the session goes straight to root, instead of the expected behaviour whereby the password for the user is requested before switching to root.
When this is happening, running sewhoami -a before or after sesu - shows the user issuing the command as already being root, not the original user as would be expected.
However, if a session is already open to the same server and PAM SC is restarted, sesu - works as intended in that first session, and the correct behaviour remains for as long as the session is not closed.
Release: 14.1 and possibly other releases
Analysis of the traces shows that most processes are forked from sshd running on the server, so if sshd is not working properly (due to restarts or other interference) it is possible that it allows this root access.
Restarting sshd on the server may restore the correct behaviour.
However, if this is observed on a regular basis, the behaviour of sshd should be investigated, as there may be another underlying problem causing it not to work properly.
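
The following check is an added example, not vendor code: it flags the symptom described above by comparing the OS login name with the identity PAM SC reports, and records whether the shell descends from sshd. It assumes that sewhoami with no options prints only the user name as PAM SC knows it; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. Assumption: `sewhoami` with no options
# prints only the user name as PAM SC knows it.

# classify_identity LOGIN_USER PAMSC_USER
# Prints: ok | pamsc-root | mismatch | unknown
classify_identity() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown
    elif [ "$1" = "$2" ]; then
        echo ok
    elif [ "$2" = root ]; then
        echo pamsc-root      # the symptom in this article
    else
        echo mismatch
    fi
}

# sshd_ancestor PID
# Walks parent PIDs and prints the nearest ancestor whose command is sshd.
sshd_ancestor() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 1 ] 2>/dev/null; do
        comm=$(ps -o comm= -p "$pid" 2>/dev/null | tr -d ' ')
        case $comm in
            sshd*|*/sshd*) echo "$pid"; return 0 ;;
        esac
        pid=$(ps -o ppid= -p "$pid" 2>/dev/null | tr -d ' ')
    done
    return 1
}

# Prints one summary line; returns non-zero unless both identities agree.
check_session() {
    login_user=$(logname 2>/dev/null || id -un)
    pamsc_user=$(sewhoami 2>/dev/null) || pamsc_user=
    state=$(classify_identity "$login_user" "$pamsc_user")
    anc=$(sshd_ancestor "$$") || anc=none
    echo "login=$login_user pamsc=$pamsc_user state=$state sshd_ancestor=$anc"
    [ "$state" = ok ]
}

# Run the check only where the PAM SC utility is installed.
if command -v sewhoami >/dev/null 2>&1; then
    check_session
fi
```

Run it in a fresh SSH session before issuing sesu -; a state of pamsc-root for a non-root login matches the behaviour described in this article.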