Bug ID 860473: Connection and read timeout settings for the TACACS+ authentication provider

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IQ Platform(all modules)

Known Affected Versions:
6.0.1, 6.0.1.1, 6.0.1.2, 6.1.0, 7.0.0.1, 7.0.0.2, 7.1.0

Fixed In:
7.1.0.1

Opened: Dec 12, 2019

Severity: 3-Major

Symptoms

The TACACS+ authentication provider uses a fixed, hard-coded value (5 seconds) for the timeout to get a response from the TACACS+ server. If a request to the TACACS+ server to authenticate a user or to retrieve the user properties does not complete within 5 seconds, the request fails. This causes the BIG-IQ authentication of a remote TACACS+ user to fail as well.

Impact

TACACS+ user authentication to BIG-IQ fails.

Conditions

When you use a TACACS+ authentication provider to authenticate to BIG-IQ and the TACACS+ server is too slow, it will probably time out before you get authenticated.

Workaround

N/A

Fix Information

You can now configure the connection timeout and read timeout settings.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips