Policy Server Host Connections to pblocald

When a policy server host accepts a request, it tries to connect to pblocald on the run host. This connection is controlled by the localport setting for TCP/IP connections or by the pblocaldcommand setting for local connections.

localport

  • Version 4.0.0 and later: localport setting available.

The value of the localport setting is used in two cases:

  • For a policy server host, this setting specifies the well-known port for pblocald.
  • For a standalone local daemon, if the port is not specified on the command line, then the value of this setting is used.

The value of this setting follows the guidelines in Port Specifications.

The port numbers for Privilege Management for Unix and Linux daemons must use the non-reserved system ports. The allowed port numbers are 1024 to 65535 (inclusive).

The following order is used to determine the port for pblocald:

  1. The value of localport
  2. The pblocald entry in services
  3. Port 24346
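The following added example (not part of the product or its documentation) resolves the effective pblocald port in the order listed above and rejects values outside 1024 to 65535. It assumes a settings file made of `keyword value` lines with `#` comments in which localport appears at most once, and it handles only a numeric port or a service name, not the other forms that Port Specifications may allow; the function names and sample inputs are constructed for illustration.

```python
DEFAULT_PORT = 24346            # step 3 of the order on this page
ALLOWED = range(1024, 65536)    # non-reserved ports, 1024 to 65535 inclusive

def parse_services(text):
    """Map service name or alias -> TCP port from services-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            port = int(fields[1][:-len("/tcp")])
            for name in [fields[0]] + fields[2:]:
                table.setdefault(name, port)
    return table

def setting(settings_text, keyword):
    """Return the value of the first `keyword value` line, or None."""
    for line in settings_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == keyword:
            return parts[1].strip().strip('"')
    return None

def resolve_pblocald_port(settings_text, services_text):
    """Return (port, source) using the page's order; raise on a bad value."""
    services = parse_services(services_text)
    value = setting(settings_text, "localport")
    if value is None:
        if "pblocald" in services:
            port, source = services["pblocald"], "services"
        else:
            port, source = DEFAULT_PORT, "default"
    elif value.isdigit():
        port, source = int(value), "localport"
    elif value in services:
        port, source = services[value], "localport via services"
    else:
        raise ValueError(f"localport {value!r}: not a number or known service")
    if port not in ALLOWED:
        raise ValueError(f"port {port} ({source}) is outside 1024-65535")
    return port, source

# Constructed sample inputs, not taken from a real host.
SETTINGS = "# constructed settings\nlocalport pblocald\n"
SERVICES = "ssh 22/tcp\npblocald 30000/tcp  # constructed entry\n"

if __name__ == "__main__":
    print(resolve_pblocald_port(SETTINGS, SERVICES))
```

Running the same check against the settings and services files of both the policy server host and the run host shows whether the two sides agree on the port before a connection is attempted.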

This keyword does not apply to pbssh. If it is present in the settings file, it does not have any effect on pbssh and is ignored.

Example

localport 12345
localport pblocald

Default

localport 24346

Used on

  • Policy server hosts
  • Run hosts

pblocaldcommand

  • Version 4.0.0 and later: pblocaldcommand setting available.

If the policy server host and the run host are the same machine, then you can specify the path and arguments to pblocald. Doing so eliminates the overhead of forming a connection between pbmasterd and pblocald. If the command line contains spaces, then you must enclose the entire command line in quotation marks.

This keyword does not apply to pbssh. If it is present in the settings file, it does not have any effect on pbssh and is ignored.

Example

pblocaldcommand "/usr/sbin/pblocald -s"

Default

No default value

Used on

  • Policy server hosts