Let's assume that we have configured:
aaa authorization exec default group tacacs+ local if-authenticated
If the TACACS+ server goes down and the user is already logged in, will he then be able to run all commands even though he was maybe restricted by TACACS+ to configuring only interfaces or such?
Could this then be used for privilege jumping by launching a DoS against the TACACS+ server? It would require an account to start with, but I'm just thinking of the risks involved with if-authenticated.