Manualshelf

HP-UX iSCSI Software Initiator Support Guide (Edition 7)

ManualsBrandsHP ManualsSoftwareHP-UX iSCSI (SCSI Over TCP/IP) Software
21222324252627282930
Two authentication options are available if CHAP is chosen as the authentication method:
Uni-directional CHAP method:
The target uses CHAP to authenticate the initiator. The initiator does not authenticate the target.
The Uni-directional CHAP method does not require the use of theiradd daemon (iSCSI CHAP
daemon). It also does not require configuration of a RADIUS server on the host (initiator) side.
The default CHAP method is Uni-directional.
Bi-directional CHAP method:
The target uses CHAP to authenticate the initiator. The initiator uses CHAP to authenticate the
target.
The Bi-directional CHAP method requires the use of the iradd daemon (iSCSI CHAP daemon),
as well as the configuration of a RADIUS server on the host (initiator) side.
The initiator authentication method and related attributes are configured using iscsiutil and
stored persistently across reboots.
4.2.1 Configuring CHAP Authentication Uni-directional
The following examples illustrate configuration of CHAP once it has been selected as the
authentication method that will be used.
(1) Configure for the Uni-directional authentication method:
# iscsiutil -u -H <chap-authentication-type> [-T <target-name>] [-I <ip-address>] [-P <tcp-port>] [-M
<portal-grp-tag>]
To configure Uni-directional authentication on a global basis:
# iscsiutil -u -H CHAP_UNI
To configure Uni-directional authentication for a particular Discovery Target Address:
# iscsiutil -u -H CHAP_UNI -I 192.1.1.10 -M 3
To configure Uni-directional authentication for a particular Operational Target:
# iscsiutil -u -H CHAP_UNI -T iqn.2003-11.com.hp.stor:iSCSI
To configure Uni-directional authentication for a particular Operational Target Address:
# iscsiutil -u -H CHAP_UNI -T iqn.2003-11.com.hp.stor:iSCSI -I 192.1.1.1 -P 5000 -M 1
(2) Configure the CHAP initiator username:
# iscsiutil -u -N <chap-initiator-name> [-T <target-name>] [-I <ip-address>] [-P <tcp-port>] [-M
<portal-grp-tag>]
If the CHAP initiator name is not configured, the iSCSI initiator name will be used instead.
To configure the CHAP initiator name on a global basis:
# iscsiutil -u -N mychapusername
To configure the CHAP initiator username for a specific Discovery Target Address:
# iscsiutil -u -N mychapusername -I 192.1.1.25 -M 2
To configure the CHAP initiator username for a specific Operational Target:
# iscsiutil -u -N mychapusername -T iqn.2003-11.com.hp.stor:iSCSI
To configure the CHAP initiator username for a specific Operational Target Address:
# iscsiutil -u -N mychapusername -T iqn.2003-11.com.hp.stor:iSCSI -I 192.1.1.1 -P 5000 -M 1
(3) Configure the initiator CHAP secret:
# iscsiutil -u -W <chap-initiator-secret> [-T <target-name>] [-I <ip-address>] [-P <tcp-port>] [-M
<portal-grp-tag>]
The secret can be entered in two forms, ASCII and hexadecimal. Note that in the hexadecimal
form, the number of hex digits must be even.
To configure the CHAP secret on a global basis:
# iscsiutil -u -W mychapsecret
4.2 Challenge-Handshake Authentication Protocol (CHAP) Configuration 23