TACACS+ authenticated user cannot change touch user password on PacketShaper S-Series


Article ID: 169245


Updated On:

Products

PacketShaper S-Series

Issue/Introduction

Example

A TACACS+ user named "bluecoat" has touch account permission. This user enters the CLI command to change the touch password:

PacketShaper# setup password touch 
Old touch password: Authentication failed. 


 

Resolution

This is expected behavior for PacketShaper S-Series. For security reasons, a TACACS+ user with 'Touch' permission cannot change the password of the local "Touch" account on the PacketShaper S-Series.

The output of the sys event display command also shows the error:
926 [0427403.2480] I: command_execute: set password touch (NULL) (NULL) 
927 [0427403.2480] A: accessChangePassword: Password change failed: touch authentication 
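
To find these failures in saved sys event display output, the following added example (not part of the original article or of the product's tooling) pairs each accessChangePassword failure with the command logged at the same timestamp. The line layout is an assumption inferred from the two event lines above, the function names are hypothetical, and the first sample line is constructed.

```python
import re

# Layout inferred from the two event lines in this article (an assumption):
#   <seq> [<timestamp>] <tag>: <source>: <message>
EVENT_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+\[(?P<ts>[\d.]+)\]\s+(?P<tag>[A-Z]):\s+"
    r"(?P<source>\w+):\s+(?P<msg>.*?)\s*$"
)

# Lines 926 and 927 are quoted from the article; 925 is constructed.
SAMPLE = """\
925 [0427390.1100] I: example_source: constructed filler line
926 [0427403.2480] I: command_execute: set password touch (NULL) (NULL)
927 [0427403.2480] A: accessChangePassword: Password change failed: touch authentication
"""

def parse_events(text):
    """Return one dict per line that matches the inferred layout."""
    return [m.groupdict() for m in map(EVENT_RE.match, text.splitlines()) if m]

def failed_password_changes(events):
    """Pair each password-change failure with the command logged at the same timestamp."""
    findings, last_cmd = [], {}
    for ev in events:
        if ev["source"] == "command_execute":
            last_cmd[ev["ts"]] = ev["msg"]
        elif (ev["source"] == "accessChangePassword"
              and ev["msg"].startswith("Password change failed")):
            findings.append({
                "seq": ev["seq"],
                "timestamp": ev["ts"],
                "reason": ev["msg"].partition(":")[2].strip(),
                "command": last_cmd.get(ev["ts"]),  # None if no command was logged
            })
    return findings

if __name__ == "__main__":
    for finding in failed_password_changes(parse_events(SAMPLE)):
        print(finding)
```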

 

Workaround

To change the local touch account password, log in to the PacketShaper S-Series with the local touch account via serial console or SSH.