sesu Requests Password Twice

Document ID : KB000076593
Last Modified Date : 06/04/2018
Show Technical Document Details
After enabling and configuring sesu, users are prompted for a password multiple times.

# sesu nonrootuser
Please enter your password:
CA PIM Linux/UNIX endpoint with sesu feature enabled
In seos.ini there are 2 options related to how sesu requests passwords. When both of these flags are enabled they will both be requested when sesuing to a non-root user.

request_target_password: This token determines whether when the old_sesu token is set to no and the user is executing sesu to a non-root user, the password of the target user will be requested.

UseInvokerPassword: A Boolean value that determines whether sesu requests the invokers to specify their own passwords.
The final resolution here would depend on the requirements for accessing the effected system. The UseInvokerPassword and request_target_password functionalities should be evaluated to determine which (if any) should be enabled. Once proper settings are determined, both values should be explicitly enabled or disabled in seos.ini. 

NOTE: Commenting out the token is not the same as explicitly disabling it because these tokens have default values. request_target_password specifically defaults to yes.

seos.ini editing instructions: 
  1. Stop PIM daemons: # secons -s
  2. Either manually edit the seos.ini file or use commands like the examples below to edit:
    # seini -s sesu.UseInvokerPassword yes
    # seini -s sesu.
    request_target_password no
  3. Reload PIM daemons: # seload
Additional Information:
SESU Configuration Documentation:

SESU Token Documentation: