Remove TACACS+ authentication (#15547)

Remove TACACS+ authentication from AWX. Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
2026-02-16 10:40:01 -03:30 · 2024-10-02 15:50:17 +02:00
parent f22b192fb4
commit e4c11561cc
27 changed files with 31 additions and 571 deletions
--- a/docs/auth/README.md
+++ b/docs/auth/README.md
@@ -12,13 +12,10 @@ When a user wants to log into AWX, she can explicitly choose some of the support

 On the other hand, the other authentication methods use the same types of login info (username and password), but authenticate using external auth systems rather than AWX's own database. If some of these methods are enabled, AWX will try authenticating using the enabled methods *before AWX's own authentication method*. The order of precedence is:
 * RADIUS
-* TACACS+
 * SAML

-AWX will try authenticating against each enabled authentication method *in the specified order*, meaning if the same username and password is valid in multiple enabled auth methods (*e.g.*, both RADIUS and TACACS+), AWX will only use the first positive match (in the above example, log a user in via RADIUS and skip TACACS+).
-
 ## Notes:
-SAML users, RADIUS users and TACACS+ users are categorized as 'Enterprise' users. The following rules apply to Enterprise users:
+SAML users and RADIUS users are categorized as 'Enterprise' users. The following rules apply to Enterprise users:

  * Enterprise users can only be created via the first successful login attempt from remote authentication backend.
  * Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in AWX.