Documentation

Receive task requests from a policy server daemon

Suggest Edits

Receiving task requests from a policy server daemon, run hosts need to know which policy server daemon to acknowledge. This is controlled by the acceptmasters settings control. Further authentication is possible using the validatemasterhostname setting.

acceptmasters

  • Version 4.0.0 and later: acceptmasters setting available.

The acceptmasters setting specifies incoming connections from the policy server daemon that EPM-UL programs acknowledge.

📘

The policy server hosts in the run host’s acceptmasters list must also be specified in the submit host’s submitmasters or altsubmitmasters lists.

The list can contain:

  • Host names
  • A single asterisk (*) denoting a Registry Name Service lookup
  • Netgroups in the form: 
    +@name
  • Hosts to exclude in the form: 
    -name
  • Netgroups to exclude in the form: 
    -@name
  • DNS SRV lookups, in the form: 
    _<pbul service name>._tcp.<domain name>.[:port=<port>[:interface=<IP or hostname>]]
  • External Programs, in the form: 
    \`/path/to/external/program\`

The order of precedence for the acceptmasters rules is:

  1. Command line for pblocald -m or --accept_masters argument
  2. Setting for acceptmasters
  3. Netgroup for pbacceptmasters

📘

This keyword does not apply to pbssh. If it is present in the settings file, it does not have any effect on pbssh and is ignored.

Example

acceptmasters myhost.mydomain
acceptmasters sparky spot
acceptmasters +@pbacceptmasters
acceptmasters +@pbacceptmasters -@badmasters -badhost

Default

No default value

Used on

Run hosts

allowruntimeoutoverride

  • Version 5.2 and earlier: allowruntimeoutoverride setting not available.
  • Version 6.0 and later: allowruntimeoutoverride setting available.

The allowruntimeoutoverride setting allows a runhost's pb.settings to override a runtimeout value set in the master policy. Each runhost wanting to take advantage of this ability would then set the runtimeout keyword in their own pb.settings. allowruntimeoutoverride must be set to yes to allow this override to occur.

Example

allowruntimeoutoverride yes

Default

allowruntimeoutoverride no

Used on

Policy servers

📘

For more information, see runtimeout.

runtimeout

  • Version 4.0.0 and later: runtimeout setting available.

When the policy server allows runtimeout overrides, the runtimeout keyword is used to set an idle time limit for all secured tasks on this runhost. The runtimeout variable specifies the amount of idle time, in seconds, that the submitting user is allowed before the run host terminates the current request.

📘

The runtimeout keyword is not honored in local mode or pbssh.

The policy server's runtimeoutoverride keyword must be set to yes to allow this override to occur.

Example

runtimeout 600

Default

runtimeout 0

Used on

Run hosts

See also

📘

For more information, see runtimeout.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.