[stgt] authentication by initiator's name

Shuko Yasumoto yasumoto.shuko at jp.fujitsu.com
Fri Jun 17 12:49:33 CEST 2011 

Hi,

Could you please review the attached?

I checked this patch with checkpatch.pl script and printed out 
some WARNINGs for line over 80 characters and ERRORs for need 
space around that '<' in usage area.

Thanks in advance,
Hisashi Osanai

On Fri, 17 Jun 2011 15:46:34 +0900
Shuko Yasumoto <yasumoto.shuko at jp.fujitsu.com> wrote:

> 
> Hi,
> 
> Thank you for the quick response.
> 
> I just started to learn how to create linux kernel style patch.
> I will send the patch later (may be next week).
> 
> Best Regards,
> Hisashi Osanai
> 
> 
> On Fri, 17 Jun 2011 15:31:22 +0900
> FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp> wrote:
> 
> > On Fri, 17 Jun 2011 15:17:34 +0900
> > Shuko Yasumoto <yasumoto.shuko at jp.fujitsu.com> wrote:
> > 
> > > > I think that malicious users can forge initiator names. How this
> > > > feature can be useful?
> > > 
> > > I understand that initiator names can be changed easily so security 
> > > of this feature might poor than IP authentication.
> > > But the case " malicious users can forge initiator names " can protect 
> > > by combination with CHAP authentication and my idea is providing this 
> > > feature in addition to IP authentication.
> > > 
> > > I think the usage of this feature is same as IP authentication 
> > > but there is only difference in the following usage.
> > > 
> > > Usage  : There is a server which has multiple NICs, user must check 
> > >          which IP is connected to targets and then register one IP 
> > >          to targets.
> > >          If this feature is available, user just register an initiator 
> > >          name instead.
> > >          Based on RFC 3721, I think initiator name is useful for this 
> > >          purpose.
> > >          ===
> > >          An iSCSI Name is a location-independent, permanent identifier for 
> > >          an iSCSI node.  An iSCSI node has one iSCSI name, which stays 
> > >          constant for the life of the node.  The terms "initiator name" 
> > >          and "target name" also refer to an iSCSI name.
> > >          ===
> > > 
> > > Background for this proposal is:
> > > - Above usage.
> > > - Many storage vendors use the feature, authentication by initiator name.
> > > 
> > > I highly appreciate if you give me comments on this.
> > 
> > I see. Can you send a patch in the proper format (in Linux kernel
> > style, see doc/README)? Then I can review and merge it.
> > 
> > Thanks,
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe stgt" in
> > the body of a message to majordomo at vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stgt" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

---------------------------------------------
株式会社富士通北陸システムズ
ソフトウェア事業本部 第二プラットフォームソフト開発部
安本 秀行(YASUMOTO, Shuko)
E-mail :yasumoto.shuko at jp.fujitsu.com
TEL  :076-241-4696(外線) 7574-4734(内線)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iqn-authentication.patch
Type: application/octet-stream
Size: 12711 bytes
Desc: not available
URL: <http://lists.wpkg.org/pipermail/stgt/attachments/20110617/d1411b5a/attachment-0002.obj>

More information about the stgt mailing list