HP-UX iSCSI Software Initiator Support Guide (Edition 7)

4.2 Challenge-Handshake Authentication Protocol (CHAP) Configuration
Challenge-Handshake Authentication Protocol (CHAP) is an authentication protocol that defines a
methodology for authenticating initiators and targets. If you do not intend to use CHAP for
authentication, this aspect of the iSCSI Software Initiator configuration is not necessary and can
be ignored.
The iSCSI Software Initiator has visible system administration interactions with the
Challenge-Handshake Authentication Protocol (CHAP). The iSCSI Software Initiator running on
HP-UX can optionally use CHAP for authentication. You are expected to understand the CHAP
authentication method before using it. CHAP software is not part of the iSCSI Software Initiator.
Configuring a RADIUS server and configuring CHAP on an iSCSI target are beyond the
scope of this document. However, the following documentation will help you understand the
CHAP protocol and RADIUS server installation.
Table 3 CHAP and RADIUS Server Documentation
URL                                    Description
http://www.ietf.org/rfc/rfc1994.txt    CHAP information (RFC 1994)
http://www.ietf.org/rfc/rfc2865.txt    RADIUS server documentation information (RFC 2865)
http://www.software.hp.com             RADIUS server installation information
  - click on “security and manageability”
  - click on “HP-UX aaa server”
NOTE: CHAP is currently the only authentication method supported by the iSCSI Software Initiator.
Configure the AuthMethod key with "CHAP,None" as the value for all Targets:
# iscsiutil -t authmethod CHAP None
During the next login negotiation, the iSCSI Software Initiator proposes "CHAP,None" (in its order
of preference) to the iSCSI target for the AuthMethod login key.
The target MUST respond with the first value that it supports. The target is expected to respond to
the initiator with "CHAP" for the AuthMethod login key (provided CHAP is configured properly
on the target). If the target responds with "CHAP", CHAP will be chosen as the authentication
method. If the target responds with "None", authentication will not be performed.
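The negotiation described above, modeled as an added Python example (not HP-UX or iscsiutil code). It shows that an offer of "CHAP,None" lets the target's answer decide whether authentication happens, while a CHAP-only offer, assumed here for comparison, makes the login fail instead. The function names and the sample login segments are constructed for illustration.

```python
# Added illustration of AuthMethod list negotiation; not HP-UX or iscsiutil code.

def parse_text_keys(segment: bytes) -> dict:
    """Parse an iSCSI login data segment of NUL-terminated key=value pairs."""
    keys = {}
    for item in segment.split(b"\x00"):
        if item:
            key, _, value = item.decode("ascii").partition("=")
            keys[key] = value
    return keys

def target_select(offer: str, supported: set) -> str:
    """Target side: return the first offered value the target supports."""
    for value in offer.split(","):
        if value in supported:
            return value
    return "Reject"  # no common value

def initiator_accept(offer: str, response: str) -> str:
    """Initiator side: the response must be one of the values that were offered."""
    if response not in offer.split(","):
        raise ValueError(f"target answered {response!r}, which was not offered")
    return response

def negotiate(login_segment: bytes, target_supported: set) -> str:
    """Run one AuthMethod exchange and return the method that will be used."""
    offer = parse_text_keys(login_segment)["AuthMethod"]
    return initiator_accept(offer, target_select(offer, target_supported))

def allows_unauthenticated(offer: str) -> bool:
    """True if the offer lets a target finish login with no authentication."""
    return "None" in offer.split(",")

# Constructed sample login segments (the initiator name is made up).
OFFER_CHAP_NONE = b"InitiatorName=iqn.2001-04.com.example:host1\x00AuthMethod=CHAP,None\x00"
OFFER_CHAP_ONLY = b"InitiatorName=iqn.2001-04.com.example:host1\x00AuthMethod=CHAP\x00"

if __name__ == "__main__":
    for segment in (OFFER_CHAP_NONE, OFFER_CHAP_ONLY):
        offer = parse_text_keys(segment)["AuthMethod"]
        for supported in ({"CHAP", "None"}, {"None"}):
            try:
                result = negotiate(segment, supported)
            except ValueError as err:
                result = f"login fails ({err})"
            print(f"offer={offer:9} target supports={sorted(supported)} -> {result}")
```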
NOTE: Currently, AuthMethod is one of the three iSCSI login keys that may be configured by
the user on a per target basis. The default value for AuthMethod is None. If you want to
configure AuthMethod on a per target basis, see Authentication Method Configuration Examples
(page 40).