On Fri, 17 Jun 2011 15:17:34 +0900 Shuko Yasumoto <yasumoto.shuko at jp.fujitsu.com> wrote: > > I think that malicious users can forge initiator names. How this > > feature can be useful? > > I understand that initiator names can be changed easily so security > of this feature might poor than IP authentication. > But the case " malicious users can forge initiator names " can protect > by combination with CHAP authentication and my idea is providing this > feature in addition to IP authentication. > > I think the usage of this feature is same as IP authentication > but there is only difference in the following usage. > > Usage : There is a server which has multiple NICs, user must check > which IP is connected to targets and then register one IP > to targets. > If this feature is available, user just register an initiator > name instead. > Based on RFC 3721, I think initiator name is useful for this > purpose. > === > An iSCSI Name is a location-independent, permanent identifier for > an iSCSI node. An iSCSI node has one iSCSI name, which stays > constant for the life of the node. The terms "initiator name" > and "target name" also refer to an iSCSI name. > === > > Background for this proposal is: > - Above usage. > - Many storage vendors use the feature, authentication by initiator name. > > I highly appreciate if you give me comments on this. I see. Can you send a patch in the proper format (in Linux kernel style, see doc/README)? Then I can review and merge it. Thanks, -- To unsubscribe from this list: send the line "unsubscribe stgt" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html |