Allow user1 to 「su - user2」 with

current user caleb
target login user olivia
allow user caleb to switch to user olivia without password

su - olivia

-, -l, --login
           Provide an environment similar to what the user would expect had the user
           logged in directly.

           When - is used, it must be specified before any username. For portability
           it is recommended to use it as last option, before any username. The other
           forms (-l and --login) do not have this restriction.

Add the following lines right below the auth sufficient pam_rootok.so line in your /etc/pam.d/su:

auth       [success=ignore default=1] pam_succeed_if.so user = olivia
auth       sufficient   pam_succeed_if.so use_uid user = caleb