A common configuration that requires the password of the target (not what we want):
Defaults targetpw
ALL ALL=(ALL) ALL
The second line would read out loud like:
"ALL users on ALL hosts can impersonate (ALL) users when executing ALL commands."
and the Defaults targetpw line means that they need to know the password of the user they are impersonating to do so.
Naively changing this simple config to:
Defaults rootpw
wouldn't leave any user or group with the privilege to run commands as another user.
One working possibility would be:
Defaults rootpw
myuser ALL=(ALL) ALL
In plain English, myuser now has the ability to run ALL commands as any user on ALL hosts, so long as the root password is known.
Another working possibility would be:
Defaults rootpw
%sudousers ALL=(ALL) ALL
Any member of the sudousers group will have the ability to run ALL commands as any user on ALL hosts, so long as the root password is known. To allow myuser to run sudo commands, sudousers would need to be added to its secondary groups.
su
usermod -a -G sudousers myuser
exit
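As an added illustration (not part of the original text, and not sudo's own parser), the following Python sketch reads the four configurations discussed above and reports who is granted sudo and which password flag is in force, which makes the empty grant list of the naive config visible. The function names audit_sudoers and summary are hypothetical, and only a simplified subset of sudoers syntax is handled.

```python
import re

# Flags from sudoers(5) that change whose password sudo prompts for.
PW_FLAGS = {"targetpw", "rootpw", "runaspw"}
# Rule shape used on this page: who host=(runas) commands
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

def audit_sudoers(text):
    """Return the password flags in force and the grants in a sudoers text.

    Assumption: simplified subset only (unscoped Defaults, one rule per line);
    aliases, includes, line continuations and '#uid' names are not handled.
    """
    flags, grants = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            rest = line[len("Defaults"):]
            if not rest[:1].isspace():
                continue  # scoped form such as Defaults:user, skipped here
            for item in (i.strip() for i in rest.split(",")):
                name = item.lstrip("!").strip()
                if name in PW_FLAGS:
                    (flags.discard if item.startswith("!") else flags.add)(name)
            continue
        m = RULE.match(line)
        if m:
            who, host, runas, cmds = m.groups()
            grants.append({"who": who, "is_group": who.startswith("%"),
                           "host": host, "runas": runas or "root", "cmds": cmds})
    return {"pw_flags": sorted(flags), "grants": grants}

def summary(text):
    """One-line verdict: who can use sudo and which password flag applies."""
    r = audit_sudoers(text)
    if not r["grants"]:
        return "nobody can use sudo: no user specification present"
    pw = "/".join(r["pw_flags"]) or "own password"
    who = ", ".join(g["who"] for g in r["grants"])
    return f"{who} may use sudo; prompt: {pw}"

# The four configurations discussed above, copied from the page.
ORIGINAL = "Defaults targetpw\nALL ALL=(ALL) ALL\n"
NAIVE = "Defaults rootpw\n"
PER_USER = "Defaults rootpw\nmyuser ALL=(ALL) ALL\n"
PER_GROUP = "Defaults rootpw\n%sudousers ALL=(ALL) ALL\n"

if __name__ == "__main__":
    for name in ("ORIGINAL", "NAIVE", "PER_USER", "PER_GROUP"):
        print(f"{name:9} -> {summary(globals()[name])}")
```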