After enabling and configuring sesu, users are prompted for a password multiple times.
# sesu nonrootuser
Please enter your password:
In seos.ini there are 2 options related to how sesu requests passwords. When both of these flags are enabled they will both be requested when sesuing to a non-root user.
request_target_password: This token determines whether when the old_sesu token is set to no and the user is executing sesu to a non-root user, the password of the target user will be requested.
UseInvokerPassword: A Boolean value that determines whether sesu requests the invokers to specify their own passwords.
CA PIM Linux/UNIX endpoint with sesu feature enabled
The final resolution here would depend on the requirements for accessing the effected system. The UseInvokerPassword and request_target_password functionalities should be evaluated to determine which (if any) should be enabled. Once proper settings are determined, both values should be explicitly enabled or disabled in seos.ini.
NOTE: Commenting out the token is not the same as explicitly disabling it because these tokens have default values. request_target_password specifically defaults to yes.
seos.ini editing instructions:
SESU Configuration Documentation:
SESU Token Documentation: