topic Re: maximum length of TACACS User ID in General Topics

maximum length of TACACS User ID

cdwing — Mon, 31 Jan 2022 20:18:31 GMT

We use TACACS+ server for admin authentication.

Is there a limit on the length of an ID? I have one that is 40 characters (we use email IDs).

Getting an auth-success log message for this user, but then a Critical "create-admin-acct-error" message:

Failed to create local user account for admin user: <40 character email>

Re: maximum length of TACACS User ID

BPry — Mon, 31 Jan 2022 22:03:28 GMT

@cdwing,

Admin users are limited to 31 characters.

Re: maximum length of TACACS User ID

cdwing — Mon, 31 Jan 2022 22:26:51 GMT

Interesting...

I have an ID that is 40 characters, when you drop the domain (@zzz.com), that takes it to 32 and it works. I know that creating a local admin has the restriction of 31.

We have an auth sequence that drops the original domain and then adds it back for login attempts to get around that CLI does not allow IDs with @ symbols.