[stgt] tgt-admin behavior with multiple targets and same account name

Chandra Seetharaman sekharan at us.ibm.com
Tue Mar 2 23:06:29 CET 2010


Hi Ronnie,

On Wed, 2010-03-03 at 08:21 +1100, ronnie sahlberg wrote:
> On Wed, Mar 3, 2010 at 8:12 AM, Chandra Seetharaman <sekharan at us.ibm.com> wrote:
> >
> >
> > On Tue, 2010-03-02 at 21:50 +0100, Tomasz Chmielewski wrote:
> >> On 02.03.2010 01:35, Chandra Seetharaman wrote:
> >> > Looks like it will lead to confusion if we allow the account to be
> >> > defined at the target level.
> >> >
> >> > Maybe we should define the account (account name and password) at the
> >> > global level and have just the "association" at the target level, what
> >> > do you think?
> >>
> >> Any recommendations for targets.conf format?
> >>
> >
> > At the global level, we could have
> >
> > user accountname1 password1
> > user accountname2 password2
> > :
> > :
> > :
> > and under target,
> >
> > incominguser accountname1
> > outgoinguser accountname2
> >
> > With the recent addition of discovery chap authentication, we need to
> > also add a "global-incominguser" and "global-outgoinguser", like
> >
> > global-incominguser accountname1
> > global-outgoinguser accountname2
> >
> > What do you think? Comments, anybody?
> >
> > Maybe it should be discovery-incominguser instead of
> > global-incominguser?
> 
> Is it useful to have / allow different users for authentication for
> discovery vs normal login?
> 
open-iscsi has an option to provide both differently. But, I haven't
seen any requirement in the RFC.

> If it is not, maybe keep incominguser/outgoinguser and have it apply
> to both logins
> and then add a new
> 
> discovery-authentication = no|required
> 
> to control if discovery sessions need authentication or not.
> 

We could do that. But, the target username and password come into the
picture _only_ after the initiator finds out what targets are present.

In order for the initiator to get the list of targets, the initiator needs
to provide the discovery password.

If one has multiple targets with different users (i.e., target1 has user1
and target2 has user2, etc.), then there will be a problem about which
target's user is to be used with discovery.

So, we will need an interface that provides a single global user for
discovery and different users for each target.

Note that the same user can be used between targets and for discovery (i.e.,
one can specify user user1 as the incoming user for target1, target2 and
discovery).

> 
> >
> > Thanks,
> >
> > chandra
> >
> >
> >>
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe stgt" in
> > the body of a message to majordomo at vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >

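
Added example, not part of the original message and not tgt-admin code: a Python sketch that resolves the layout proposed in this thread (accounts defined once globally, targets and discovery referring to them by name) and reports dangling or duplicated account names. The `user` and `discovery-incominguser` keywords are the thread's proposed names; the `<target …>` block form, the IQNs, the passwords and the function name `resolve` are assumptions made for the example.

```python
import re
# Constructed sample in the layout proposed in this thread (proposed keywords, not shipped syntax).
SAMPLE = """\
user user1 secret-one
user user2 secret-two
discovery-incominguser user1
<target iqn.2010-03.example:target1>
    incominguser user1
</target>
<target iqn.2010-03.example:target2>
    incominguser user2
    outgoinguser user3
</target>
"""
ROLES = ("incominguser", "outgoinguser")

def resolve(conf_text):
    """Parse the proposed layout; return (accounts, discovery, targets, errors)."""
    accounts, discovery, targets, errors = {}, [], {}, []
    current = None  # IQN of the <target> block being read; None at global level
    for n, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0], parts[1:]
        m = re.fullmatch(r"<target\s+(\S+)>", raw.strip())
        if m:
            current = m.group(1)
            targets[current] = []
        elif key == "</target>":
            current = None
        elif key == "user" and current is None and len(args) == 2:
            # One definition per name, so a name can never carry two passwords.
            if args[0] in accounts:
                errors.append(f"line {n}: account {args[0]!r} defined twice")
            accounts.setdefault(args[0], args[1])
        elif key in ROLES and current is not None and len(args) == 1:
            targets[current].append((key, args[0]))
        elif key.removeprefix("discovery-") in ROLES and key not in ROLES \
                and current is None and len(args) == 1:
            discovery.append((key.removeprefix("discovery-"), args[0]))
        else:
            errors.append(f"line {n}: unexpected {raw.strip()!r}")
    # Every association must name a globally defined account.
    for scope, assoc in [("discovery", discovery), *targets.items()]:
        for role, name in assoc:
            if name not in accounts:
                errors.append(f"{scope}: {role} {name!r} is not a defined account")
    return accounts, discovery, targets, errors
```

Because discovery is resolved from the same global account table as the targets, the discovery user is chosen independently of any one target, and user1 can serve both discovery and target1 without being defined twice.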


