Optimize PAM configs for RADIUS/TACACS+
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	zsdc
	Sep 13 2023, 8:07 AM

Description

Current versions of configurations are not fully correct which leads to needless calls to authentication servers and slowing down command execution.

We need to:

Make each type of authentication self-sufficient (ensure that it does not conflict with others, to avoid extra calls to RADIUS/TACACS+ servers).
Add a new CLI fallback option to control authentication policy - if the authentication source can be skipped in case of failed authentication (_not failed communication_) or we need to fail immediately and avoid skipping to other authentication sources.
Add a new CLI option to define authentication order (local, RADIUS, TACACS+).

Status	Subtype	Assigned	Task
Resolved	BUG	zsdc	T5577 Optimize PAM configs for RADIUS/TACACS+
Open	BUG	zsdc	T5570 PAM config RADIUS ignore for default and seccess
Resolved	BUG	Viacheslav	T5554 Disable sudo for PAM RADIUS