- Version 3.5 and earlier: Optimized run mode not available.
- Version 4.0 and later: Optimized run mode available.
In optimized run mode, after pbmasterd has accepted a request, the specified task runs directly on the submit host, without invoking pblocald. This feature enables the administrator to use pbmasterd to validate a command, log the commands that were started in the event log, and log the I/O streams for the secured task. The optimized run mode also reconfirms the password, performs time-out processing, and logs the status.
The following figure illustrates the processing when Privilege Management for Unix and Linux is running in the optimized run mode:
Optimized run mode is enabled when all of the following conditions are met:
- The policy server host is configured to use a log server.
- The values of the submithost and runhost variables must be equal.
- pbrun is invoked without the --disable_optimized_runmode command line option.
- pbmasterd is invoked without the --disable_optimized_runmode command line option.
- The settings file on the submit host has the clientdisableoptimizedrunmode setting set to no.
- The settings file on the policy server host has the masterdisableoptimizedrunmode setting set to no.
- The policy sets the runoptimizedrunmode variable to true.