Page MenuHomeVyOS Platform

Optimize PAM configs for RADIUS/TACACS+
In progress, Requires assessmentPublicBUG


Current versions of configurations are not fully correct which leads to needless calls to authentication servers and slowing down command execution.

We need to:

  1. Make each type of authentication self-sufficient (ensure that it does not conflict with others, to avoid extra calls to RADIUS/TACACS+ servers).
  2. Add a new CLI fallback option to control authentication policy - if the authentication source can be skipped in case of failed authentication (_not failed communication_) or we need to fail immediately and avoid skipping to other authentication sources.
  3. Add a new CLI option to define authentication order (local, RADIUS, TACACS+).


Difficulty level
Hard (possibly days)
1.5, 1.4, 1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects