Cisco Packet Data Gateway (PDG) Data Sheet
TACACS+ Configuration Mode Commands
Cisco ASR 5x00 Command Line Interface Reference
on-unknown-user
Configures StarOS behavior when a TACACS+ server cannot authenticate a given user name. This command also can
be used to configure system behavior separately for TACACS+ unknown user login failures for administrative users
accessing the system via the StarOS console port.
Important: Some TACACS+ server implementations will not send a Reply message indicating that the user name is invalid. Instead, these types of implementations will accept the username, whether valid or not, and then examine the username and password in combination before sending a Reply message indicating a failed TACACS+ login. In these cases, specifying on-unknown-user will not enforce the desired system behavior. To avoid this scenario, determine the method the configured TACACS+ servers will use to validate user names before deciding whether specifying the on-unknown-user command will provide the desired result.
Product
All
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > TACACS+ Configuration
configure > tacacs mode
Entering the above command sequence results in the following prompt:
[local]host_name(config-tacacs)#
Syntax
on-unknown-user { continue | stop } [ tty console ]
{ continue | stop }
Specifies the particular behavior to enforce:
continue: The system continues with authentication using non-TACACS+ authentication services.
stop: The system forces the failed TACACS+ user to exit.
[ tty console ]
Release 12 and later systems only: Can be used after the continue or stop options to specify the behavior of the system for TACACS+ CLI users being authenticated via the StarOS console port.
stop tty console: The system forces the failed user to exit when authentication fails.
continue tty console: The system will continue with authentication using non-TACACS+ authentication services.
Usage
Use this command to configure StarOS behavior for users who fail TACACS+ user name authentication.
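The following is an added example, not part of the Cisco reference: a small Python audit that reads a StarOS configuration file and reports which on-unknown-user behavior is set for general and console logins. The layout of the saved configuration (a "tacacs mode" line opening the block, "#exit" closing it), the function name and the "general"/"console" labels are assumptions; the sample configuration is constructed.

```python
import re

# Syntax from this page: on-unknown-user { continue | stop } [ tty console ]
RULE = re.compile(r"^on-unknown-user\s+(continue|stop)(\s+tty\s+console)?$")

# Constructed sample configuration (not taken from a real system).
SAMPLE_CONFIG = """\
config
  tacacs mode
    on-unknown-user stop
    on-unknown-user continue tty console
  #exit
end
"""

def audit_on_unknown_user(config_text):
    """Return (state, findings) for the TACACS+ block of a configuration.

    state maps the hypothetical labels "general" and "console" to
    "continue", "stop", or None when no explicit setting was found.
    """
    state = {"general": None, "console": None}
    findings = []
    in_tacacs = False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "tacacs mode":
            in_tacacs = True
            continue
        if in_tacacs and line in ("#exit", "exit", "end"):
            in_tacacs = False
            continue
        if not in_tacacs or not line.startswith("on-"):
            continue
        m = RULE.match(line)
        if not m:
            # Catches misspellings such as a dropped letter in the keyword.
            findings.append(f"line {lineno}: unrecognised command {line!r}")
            continue
        scope = "console" if m.group(2) else "general"
        state[scope] = m.group(1)
        if m.group(1) == "continue":
            findings.append(f"line {lineno}: {scope} logins fall through "
                            "to non-TACACS+ authentication")
    for scope, action in state.items():
        if action is None:
            findings.append(f"{scope}: on-unknown-user not set explicitly")
    return state, findings
```

A clean result reflects the configuration only; whether the setting takes effect still depends on how the configured TACACS+ servers validate user names, as described in the Important note.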