sewhoami does not produce an output in CA PIM
search cancel

sewhoami does not produce an output in CA PIM


Article ID: 40608


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


The user logs in with the id and sewhoami returns nothing. sewhoami -a returns "_undefined"
sebuildla -a (building a lookaside table) also does not help the user identification issue.
sesu will also result in "sesu: Cannot determine current user name."

[user@hostname]$ ./sewhoami


[user@hostname]$ ./sesu root

[user@hostname]$ sesu: Cannot determine current user name.



CA PIM 12.9, 12.8.1 and CA PAM SC

Redhat RHEL 6.6


The issue can be a derivative of LDAP not having account enumeration set in the environment so PIM is unable to keep tabs on the user so you will lose the ability to sesu and sewhoami will yield no response. Another issue that may arise is a 64-bit SSSD library installed and without a 32-bit library present, no 32-bit application will be able to utilize it i.e. PIM 32-bit version.


The ways to correct this are:

-ensure auth_login = PAM in the seos.ini is set along with the setting loginappl to use PAM


-user data enumeration not being enabled in the SSSD backend

-They need to install the 32-bit libnss_sss library to allow 32-bit processes to retrieve user and group information, library sssd-client.i686