Documentation

Host name verification

Suggest Edits

nameresolutiontimeout

  • Version 5.1.1 and earlier: nameresolutiontimeout setting not available.
  • Version 5.1.2 and later: nameresolutiontimeout setting available.

EPM-UL attempts to obtain fully qualified domain names when a pblogd, pbksh, pbsh, pblocald, pbmasterd, or pbrun session is started. The nameresolutiontimeout setting defines the timeout period, in seconds, to be used for the request to expire. The timeout period is an approximate time for the daemon (pbmasterd, pblocald, pblogd) to time out.

Setting nameresolutiontimeout to 0 disables this feature. The allowed timeout values range from 1 to 7200 seconds.

Example

nameresolutiontimeout 30

Default

nameresolutiontimeout 0

Used on

  • pblocald, pbksh, pbsh, pbrun
  • pblogd, pbmasterd

shortnamesok

  • Version 4.0.0 and later: shortnamesok setting available.

EPM-UL attempts to obtain fully qualified domain names for all hosts that are involved in a task request. If some of the name services return fully qualified names but others return only short names, you can instruct EPM-UL to check only the short name by setting shortnamesok to yes.

⚠️

Important

This option is intended as a temporary measure for discrepancies in a system’s name services. This option decreases security because it permits a partial name match (for example, two machines in different domains with the same short name would match). It is preferable to make the name services consistent whenever possible.

Example

shortnamesok yes

Default

shortnamesok no

Used on

  • Log hosts
  • Policy server hosts
  • Submit hosts
  • Run hosts

validatemasterhostname

  • Version 3.5 and earlier: validatemasterhostname setting not available.
  • Version 4.0 and later: validatemasterhostname setting available.

The validatemasterhostname setting enables the system administrator on the run host to perform an additional validation of the policy server host’s name against the run host’s name services. This action is done by looking up the connecting host’s IP address and checking the run host’s name services to see if it matches the masterhost variable that was looked up on the policy server host. When set to yes, the request is rejected if the names do not match.

ℹ️

Note

This keyword does not apply to pbssh. If it is present in the settings file, it does not have any effect on pbssh and is ignored.

Example

validatemasterhostname yes

Default

validatemasterhostname no

Used on

Run hosts

validateclienthostname

  • Version 3.5 and earlier: validateclienthostname not available.
  • Version 4.0 and later: validateclienthostname setting available.

The validateclienthostname setting enables the system administrator on the policy server host to perform an additional validation of the submit host’s name against the policy server host’s name services. This action is done by looking up the connecting host’s IP address and checking the policy server’s name services to see if it matches the clienthost variable that was looked up on the submit host. When set to yes, the request is rejected if the names do not match.

Example

validateclienthostname yes

Default

validateclienthostname no

Used on

Policy server hosts

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.