Copyright © SEP AG 1999-2022. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.
Troubleshooting SEP sesam authentication
After updating to SEP sesam version 5.0.0.x, no user other than the special user Administrator (Windows) or root (Linux) is elevated to Superuser
- After updating SEP sesam to version ≥ 5.0.0 Jaglion, the GUI complains that superuser rights are required, but only Administrator rights are listed for this GUI user. The Administrator user is not elevated to Superuser and access to the GUI is not possible without authentication.
- This is the normal behavior for Java policy authentication. After the initial installation of SEP sesam, no user other than the default Superuser is configured. As the name implies, the permissions of the Superuser account are unrestricted. As of 5.0.0 Jaglion, the Superuser is the only user type with full control over the SEP sesam environment. It is automatically assigned exclusively to the Administrator user when database-based authentication is enabled. If policy-based authentication is enabled, this user type with Superuser rights is assigned to Administrator (on Windows and Linux), root (Linux only) and sesam user. For more details, see User Roles and Permissions and About Authentication and Authorization.
If you use policy-based authentication (sm_java.policy) and log in from localhost, you can gain Superuser rights if your username is not listed in sm_java.policy. This is possible if the localFullAccess parameter is enabled (set to true in the
<SESAM_ROOT>/var/ini/sm.ini file). There is no such workaround for database-based authentication, as only Administrator (on Windows and Linux) and root (Linux only) can become Superuser.
About Authentication and Authorization – Configuring Database-Based Authentication – Configuring LDAP/AD Authentication – Configuring Policy-Based Authentication – Configuring Certificate-Based Authentication – User Roles and Permissions – Using Access Control Lists