Brocade iSCSI Gateway Service Administrator's Guide (53-1000603-01, October 2007)
iSCSI Gateway Service Administrator’s Guide 31
53-1000603-01
Configuring iSCSI initiator-to-VT authentication
3
Configuring iSCSI initiator-to-VT authentication
Fabric OS v5.2.0 or higher supports both one-way and mutual CHAP authentication for iSCSI
initiator-to-iSCSI VT target sessions. The authentication method (CHAP or none) is set on a
per-iSCSI VT basis.
To set up CHAP authentication, complete the following procedures:
• “Setting the user name and shared secret”
• “Configuring iSCSI VT authentication”
Setting the user name and shared secret
This section explains how to set up a user name and shared secret for iSCSI initiator
authentication. When an iSCSI VT authenticates an iSCSI initiator, it checks the user name and
shared secret against all configured CHAP values.
To configure a user name and shared secret
1. Connect and log in to the switch.
2. Enter the iscsiCfg
--create auth command with the -u and -s options as follows:
switch:admin> iscsicfg --create auth -u username0001 -s usersecret0001
The operation completed successfully.
Configuring iSCSI VT authentication
To enforce authentication of iSCSI initiators, set each iSCSI VT authentication to CHAP. The iSCSI
initiator can use any user name and shared secret for any iSCSI VT configured on the fabric.
To configure iSCSI VT authentication
1. Connect and log in to the switch.
2. Enter the iscsiCfg
--modify tgt command with the -t and -a options as follows:
switch:admin> iscsicfg --modify tgt -t iqn.2006-10.com.example:disk001 -a CHAP
The operation completed successfully.
3. To verify that CHAP is enabled for the iSCSI VT, enter the iscsiCfg --show tgt command with the
-t and -v options as follows:
switch:admin> iscsicfg --show tgt -t iqn.2006-10.com.example:disk001 -v
Number of records found: 1
Name: iqn.2006-10.com.example:disk001
State/Status: Online/Defined
Auth. Method: CHAP