Bug ID 428735: TACACS+ system auth and file descriptors leak

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9, 11.2.1 HF16

Opened: Aug 23, 2013

Severity: 1-Blocking

Related Article: K14677


Administrative access to the system with remote authenticated accounts fails , and the following is seen in the security log (/var/log/secure): httpd[###]: PAM [error: /lib/security/pam_bigip_authz.so: cannot open shared object file: Too many open files]. This can eventually lead to lack of access to the BIG-IP system from all but the root account.


If the leak is allowed to accumulate to the point that no file descriptors are available, administrative access using remote authenticated accounts is no longer possible. This also includes access from SSH and console. The root account, which always uses local authentication, is not affected.


Remote system authentication configured to use TACACS+. Administrative access to the BIG-IP system using any HTTP-based results in leaked file descriptors. Relevant access methods include Web UI, iControl and iControl-REST. Repeated automated access using iControl is the fastest route.


Several workaround options: 1. Use a system auth method other than TACACS+. 2. Use only SSH for administrative access. 3. Restart httpd as needed.

Fix Information

A TACACS+ system auth and file descriptors leak has been corrected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips