Typing in a dzdo command, a user is prompted for the proper password. If the incorrect password is entered, the user is prompted for the password a second time. If the password is entered correctly at the second prompt, the following message appears:
dzdo: pam_open_session: Permission denied
dzdo: policy plugin failed session initialization
The dzdo command in Suite 2017 and 2017.1 is built upon stock sudo-1.8.16. This version of sudo includes code that will enforce a security level and treat the dzdo condition with a previously entered bad password as 'fatal failure'. Hence the error message is produced.
This issue is resolved in Centrify DirectControl Agent for *NIX release 2017.2