Cisco Cisco Packet Data Gateway (PDG)
TACACS+ Configuration Mode Commands
on-unknown-user ▀
Command Line Interface Reference, StarOS Release 17 ▄
8859
on-unknown-user
Configures StarOS behavior when a TACACS+ server cannot authenticate a given user name. This command also can
be used to configure system behavior separately for TACACS+ unknown user login failures for administrative users
accessing the system via the StarOS console port.
be used to configure system behavior separately for TACACS+ unknown user login failures for administrative users
accessing the system via the StarOS console port.
Important:
Some TACACS+ server implementations will not send a Reply message indicating that the user
name is invalid. Instead, these types of implementations will accept the username, whether valid or not, and then
examine the username and password in combination before sending a Reply message indicating a failed TACACS+
login. In these cases, specifying on-unknown-user will continue the login process. To avoid this scenario, determine
the method the configured TACACS+ servers will use to validate user names before deciding whether specifying the
on-unknown-user command will provide the desired result.
examine the username and password in combination before sending a Reply message indicating a failed TACACS+
login. In these cases, specifying on-unknown-user will continue the login process. To avoid this scenario, determine
the method the configured TACACS+ servers will use to validate user names before deciding whether specifying the
on-unknown-user command will provide the desired result.
Product
All
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > TACACS+ Configuration
configure > tacacs mode
Entering the above command sequence results in the following prompt:
[local]host_name(config-tacacs)#
Syntax
on-unknown-user { continue | stop } [ tty console ]
continue
The system will continue with authentication using non-TACACS+ authentication services.
stop
The system forces the failed TACACS+ user to exit.
tty console
Release 12 and later systems only: Can be used after the
continue
or
stop
options to specify the behavior
of the system for TACACS+ CLI users being authenticated via the StarOS console port.
stop tty console
: The system forces the failed user to exit when authentication fails.
continue tty console
: The system will continue with authentication using non-TACACS+
authentication services.
Usage
Use this command to configure StarOS behavior for users who fail TACACS+ user name authentication.