Configuring mutual chap authentication on, The storage array, Table b-4 – Dell PowerVault MD3200 User Manual
Page 64
64
Appendix—Manual Configuration of iSCSI
Although the storage array allows sizes from 12 to 57 characters, many
initiators only support CHAP secret sizes up to 16 characters (128-bit).
NOTE:
A CHAP secret is not retrievable after it is entered. Ensure that you
record the secret in an accessible place. If Generate Random Secret is used,
copy and paste the secret into a text file for future reference since the same
CHAP secret is used to authenticate any new host servers you may add to the
storage array. If you forget this CHAP secret, you must disconnect all existing
hosts attached to the storage array and repeat the steps in this chapter to
re-add them.
4 Click OK.
Configuring Mutual CHAP Authentication on the Storage Array
The initiator secret must be unique for each host server that connects to the
storage array and must not be the same as the target CHAP secret.
Change the initiator authentication settings in the Change Target
Authentication window. Use these options to change the settings:
• None—Select None if you permit no initiator authentication. If you select
None, any initiator can access this target. Use this option only if you do
not require secure data. However, you can select both
None and CHAP at
the same time.
•
CHAP—Select CHAP if you want to enable an initiator that tries to
access the target to authenticate using CHAP. Define the CHAP secret
only if you want to use mutual CHAP authentication. If you select
CHAP,
and if no CHAP target secret is defined, an error message is displayed.
Click
CHAP Secret to view the Enter CHAP Secret windows. Use this
window to define the CHAP secrets.
NOTE:
To remove a CHAP secret, you must delete the host initiator and re-add it.
Table B-4. CHAP Setting
Option
Description
None
This is the default selection. If None is the only selection, the
storage array allows an iSCSI initiator to log on without
supplying any type of CHAP authentication.
None and CHAP The storage array allows an iSCSI initiator to log on with or
without CHAP authentication.
CHAP
If CHAP is selected and None is deselected, the storage array
requires CHAP authentication before allowing access.
book.book Page 64 Thursday, July 18, 2013 5:56 PM