The runconfirmuser variable controls whether or not a user must correctly enter a password before the current task request is executed. When this variable is set, the submitting user is prompted for the password that is associated with the run host user name that is set in this variable.
The variable runconfirmmessage determines the password prompt that is displayed to the user after the policy is finished, but before the run host starts the command request. When setting runconfirmuser, it is a good idea to set runconfirmmessage.
If the user fails in three attempts to submit the correct password, the secured task request is not executed. Because the secured task has already been accepted, the Privilege Management for Unix and Linux event log records an exit status of ConfirmUser <username> failed.
There is no read-only version of this variable.
This run variable does not apply to pbssh. If it is present in the policy, it does not have any effect on pbssh and is ignored.
runconfirmuser = user;
A string that contains a user name that is present on the run host (as specified in the runhost variable), for which a password must be supplied before the current task request can be run. The default value is empty, which indicates this password check will not be performed.
runconfirmuser = "sandy";