[stgt] CHAP doesn't work as expected ?! Or user error :) ?

Chandra Seetharaman sekharan at us.ibm.com
Tue Feb 23 18:06:57 CET 2010


IMHO, interface looks fine.

Also, shouldn't we add mutual authentication for discovery too ?

I seek some clarification though.

In a Netapp box, I just specify incoming and outgoing password specified
at each target level. No separate password for discovery.

Is that an assumed behavior ? if so, aren't we deviating from it ?

I do see that the RFC (3720) leaves it to the implementer about how
security is handled, so it would be totally up to us. My question is, Is
the deviation acceptable (in common practice).

Thanks

chandra

On Tue, 2010-02-23 at 16:59 +0900, FUJITA Tomonori wrote:
> On Tue, 23 Feb 2010 08:28:38 +0100
> Tomasz Chmielewski <mangoo at wpkg.org> wrote:
> 
> > On 23.02.2010 01:23, FUJITA Tomonori wrote:
> > > On Mon, 22 Feb 2010 16:04:57 -0800
> > > Chandra Seetharaman<sekharan at us.ibm.com>  wrote:
> > >
> > >> Applied the patch to the latest RHEL 5.4 errata. Applied cleanly.
> > >>
> > >> Tested it to be working fine (I bound the user as you bound it with the
> > >> bind command).
> > >
> > > Nice.
> > >
> > >
> > >> I have one question though. How do I specify it in targets.conf ?
> > >
> > > Not supported yet. Needs to update scripts/tgt-admin.
> > 
> > Could you tell me what tgtadm command would I have to run?
> > 
> > Something like:
> > 
> > tgtadm --op new --mode account --user fujita --password tomo
> > tgtadm --op bind --mode account --user fujita
> 
> Yeah. If you don't specify tid, then you bind the account to discovery
> sessions.
> 
> But I'm not sure this is a good interface or not. Any suggestions?

--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the stgt mailing list