Manualshelf

HP-UX iSCSI Software Initiator Support Guide, HP-UX 11i v1 and 11i v2, July 2005

ManualsBrandsHP ManualsSoftwareHP-UX iSCSI (SCSI Over TCP/IP) Software
41424344454647484950
Chapter 4
Configuration
Challenge-Handshake Authentication Protocol (CHAP) Configuration
46
To display authentication parameters for all Sessions:
# iscsiutil -pS
To display authentication parameters for a particular Operational Target identified by its Target Name:
# iscsiutil -p -T <target-name>
NOTE If authentication parameters are configured on a per target basis, the parameters displayed by
"iscsiutil -l" are overridden by the parameters displayed by the other display commands.
Among the various authentication parameters displayed by the verification commands described above, the
parameters of interest for the "Uni-directional" CHAP method are:
Authentication Method
CHAP Method
Initiator CHAP Name
CHAP Secret
NOTE CHAP Method is only valid if Authentication Method is set. The values displayed by the
verification commands for the Authentication Method parameters are the values proposed by
the iSCSI Software Initiator to the iSCSI target, in order of preference. The target MUST
respond with the first value that it supports.
Configuring CHAP Authentication Bi-directional
(1) Configure the CHAP username and secret the same way as for the Uni-directional
authentication method.
(2) Configure the NAS and RADIUS server parameters.
# iscsiutil -u -R <nas-hostname> <nas-secret> <radius-server-hostname>
where:
<nas-hostname> is the IP address or hostname of the Network Access Server (NAS). NAS operates as a
client of a RADIUS server (this is the host that runs the iradd daemon). This IP address or hostname is
embedded in the "Access Request" messages. The IP address may be different from the source IP address of
the UDP packets sent by iradd.
<nas-secret> is the secret for the iradd daemon. This secret must be configured as the NAS secret of iradd
on the RADIUS server. It is used by iradd to authenticate the RADIUS server.
<radius-server-hostname> is the IP address or hostname of the RADIUS server.
(3) Configure for the Bi-directional authentication method as follows:
# iscsiutil -u -H <chap-authentication-type> [-T <target-name>] [-I <ip-address>] [-P <tcp-port>] [-M
<portal-grp-tag>]
To configure Bi-directional authentication on a global basis: