<div dir="ltr">I've noticed an intermittent bug. User1 inherits pap = PAM from a group. User2 has simply pap = cleartext "some_password" explicitly set. <br><div><br></div><div>Randomly, User 1 starts to be denied on nexus with failed to respond:</div><div><br></div><div>2018 Jul 9 10:37:10 Test-Rtr %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond<br>2018 Jul 9 10:37:12 Test-Rtr %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 192.168.0.40 - sshd[26316]</div><div><br></div><div>User 2, however, gets right in. </div><div><br></div><div>Also, User 1 works on authentications other than pap. (login and enable)<br></div><div><br></div><div>Restarting the tac_plus daemon causes the issue to go away for an undefined period of time. I am at a loss to debug or even find a way to recreate the recurring issue. tacacs+-F4.0.4.19 did not have this issue. <br></div><div><br></div><div>Note, I have applied this patch because I require pam for enable:</div><div><a href="https://gist.github.com/ragzilla/11297928">https://gist.github.com/ragzilla/11297928</a></div><div><br></div>Admittedly, the next step should be to back out that patch, but I don't understand why it would cause an intermittent bug, especially when enable works just fine in the broken state. <br><div><br></div><div>Thanks for your time.<br></div></div>
<br>
<br>E-Mail to and from me, in connection with the transaction <br>of public business, is subject to the Wyoming Public Records <br>Act and may be disclosed to third parties.<br>