Bug ID 464289: Duplicate TACACS user account handling might cause unexpected results.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:

Opened: May 26, 2014
Severity: 3-Major
Related Article:


Duplicate TACACS user account handling might cause unexpected results.


Login might succeed for the local user with one role where it would not succeed for the remote user with a different role. This occurs when using substitution strings (essentially a placeholder string) instead of the actual value that matches the user account information.


Multiple accounts (one local and one remote) with different roles in the same partition. Normally, configuration data validation is performed at the configuration time. However, if TACACS variable substitution is used, this validation can only be performed at user login time.



Fix Information

Duplicate TACACS user account (local and remote) are now handled as expected.

Behavior Change