Assigning identity credentials – SANRAD I3.1.1205 User Manual
Page 139
Chapter 7: Volume Exposure and Security
7-21
Assigning Identity Credentials
If you are working in
a V-Switch cluster,
the identity
authentication
method(s) must be
added on both V-
Switches.
You can require initiator authentication before allowing access to a target
and its underlying volume(s). The V-Switch supports CHAP and SRP
authentication methods. Microsoft and Cisco initiators support CHAP.
Use the CLI command acl identity add chap/srp to assign a login
authentication method(s) to initiators in an identity.
An assigned authentication method encrypts the host login name and
password. The authentication method does not encrypt the virtual
volume data transferred. The host login and password do not have to
relate to the iSCSI initiator WWUI. They can be any selected character
strings.
In the event of a
failover, if each
identity does not
require
authentication on
both V-Switches,
each attached
identity will have free
access to the target’s
underlying volumes.
If you are working with a Microsoft initiator and configuring target
authentication, note that the V-Switch exchanges the final character in the
password with a zero. Therefore, do not configure initiator passwords
with a zero as the final character. CHAP passwords must be between
twelve to sixteen characters in length.
acl identity add chap
You need to define four parameters to assign the CHAP/SRP
authentication method to an identity:
S
WITCH
P
ARAMETER
D
EFINITION
S
TATUS
E
XAMPLE
-id
IDENTITY
ALIAS OF
I
DENTITY
MANDATORY
accounting
-us
USER NAME
INITIATOR USER
NAME
MANDATORY
steven
-pw
USER PASSWORD
INITIATOR
PASSWORD
MANDATORY
UNLESS A
RADIUS
SERVER IS USED
12-16
CHAR
STRING
oneveryhot
dude
-radius
RADIUS RADIUS
SERVER
OPTIONAL
DEFAULT
:
NO
No parameter
required