[stgt] authentication by initiator's name

Shuko Yasumoto yasumoto.shuko at jp.fujitsu.com
Fri Jun 17 08:46:34 CEST 2011 

Hi,

Thank you for the quick response.

I just started to learn how to create linux kernel style patch.
I will send the patch later (may be next week).

Best Regards,
Hisashi Osanai


On Fri, 17 Jun 2011 15:31:22 +0900
FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp> wrote:

> On Fri, 17 Jun 2011 15:17:34 +0900
> Shuko Yasumoto <yasumoto.shuko at jp.fujitsu.com> wrote:
> 
> > > I think that malicious users can forge initiator names. How this
> > > feature can be useful?
> > 
> > I understand that initiator names can be changed easily so security 
> > of this feature might poor than IP authentication.
> > But the case " malicious users can forge initiator names " can protect 
> > by combination with CHAP authentication and my idea is providing this 
> > feature in addition to IP authentication.
> > 
> > I think the usage of this feature is same as IP authentication 
> > but there is only difference in the following usage.
> > 
> > Usage  : There is a server which has multiple NICs, user must check 
> >          which IP is connected to targets and then register one IP 
> >          to targets.
> >          If this feature is available, user just register an initiator 
> >          name instead.
> >          Based on RFC 3721, I think initiator name is useful for this 
> >          purpose.
> >          ===
> >          An iSCSI Name is a location-independent, permanent identifier for 
> >          an iSCSI node.  An iSCSI node has one iSCSI name, which stays 
> >          constant for the life of the node.  The terms "initiator name" 
> >          and "target name" also refer to an iSCSI name.
> >          ===
> > 
> > Background for this proposal is:
> > - Above usage.
> > - Many storage vendors use the feature, authentication by initiator name.
> > 
> > I highly appreciate if you give me comments on this.
> 
> I see. Can you send a patch in the proper format (in Linux kernel
> style, see doc/README)? Then I can review and merge it.
> 
> Thanks,
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stgt" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the stgt mailing list