Manualshelf

User`s guide

ManualsBrandsChelsio Communications ManualsAdapterChelsio T5
121122123124125126127128129130
Chapter VII. iSCSI PDU Offload Target
Chelsio T5/T4 Unified Wire For Linux Page 123
For one-way CHAP, the initiator CHAP id and secret are configured and stored on a per-initiator
with Chelsio Entity parameter “Auth_CHAP_Initiator”.
4.5.2. Mutual CHAP authentication
With mutual CHAP (also called bidirectional CHAP), the target and initiator use CHAP to
authenticate each other.
For mutual CHAP, in addition to the initiator CHAP id and secret, the target CHAP id and secret
are required. They are configured and stored on a per target basis with Chelsio Entity parameter
“Auth_CHAP_Target”.
4.5.3. Adding CHAP User ID and Secret
A single Auth_CHAP_Target key and multiple Auth_CHAP_Initiator keys could be configured
per target:
target:
TargetName=iqn.2006-02.com.chelsio.diskarray.san1
TargetDevice=/dev/sda PortalGroup=1@192.0.2.178:8000
Auth_CHAP_Policy=Oneway
Auth_CHAP_Initiator=”remoteuser1”:”remoteuser1_secret”
Auth_CHAP_Initiator=”remoteuser2”:”remoteuser2_secret”
Auth_CHAP_Target=“targetid1”:”target1_secret”
In the above example, target iqn.2005-com.chelsio.diskarray.san1 has been configured to
authenticate two initiators, and its own id and secret are configured for use in the case of mutual
CHAP.
4.5.4. AuthMethod and Auth_CHAP_Policy Keys
By setting the iSCSI keys AuthMethod and Auth_CHAP_Policy, a user can choose whether to
enforce CHAP and if mutual CHAP needs to be performed.
The AuthMethod key controls if an initiator needs to be authenticated or not. The default setting
of AuthMethod is None,CHAP
The Auth_CHAP_Policy key controls which CHAP authentication (one-way or mutual) needs to
be performed if CHAP is used. The default setting of Auth_CHAP_Policy is Oneway
On an iSCSI node, with AuthMethod=None,CHAP
Auth_CHAP_Policy=Oneway, Chelsio iSCSI target will accept a relevant initiator if it does
a) no CHAP
b) CHAP Oneway or
c) CHAP Mutual