Bug ID 1025513: PAM Authenticator can cause authorization failure if it fails to lock /var/log/tallylog

Last Modified: Jun 18, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.4,,,,,,, 14.1.5,,,,,,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,,, 17.0.0,,, 17.1.0,,,, 17.1.1,,,

Opened: Jun 15, 2021

Severity: 3-Major


The following JSON content can be seen in the HTTP 401 response. (By looking at the capture or RESTful client) {"code":401,"message":"Authorization failed: no user authentication header or token detected. Uri:http://localhost:8100/mgmt/tm/ltm/pool/?expandSubcollections=true Referrer:<ip_address> Sender:<ip_address>,"referer":<ip_address>,"restOperationId":12338804,"kind":":resterrorresponse"} Contention for /var/log/tallylog lock might result in users failing to authenticate correctly. As a result of this issue, you might see the following message: PAM Couldn't lock /var/log/pam/tallylog : Resource temporarily unavailable.


This intermittent auth issue results in the failure of some auth requests.


High concurrent authentication attempts may trigger this issue. For example, opening a connection, using basic authentication, performing a query (for example, get node list, get virtual address list, and set pool min active members), and then closing the connection. If done frequently enough, there is an occasional authentication failure.


Since this is an intermittent authentication failure, wait a few seconds and then attempt to rerun auth request. For automation tools, please use token-based authentication.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips