User authentication

When configuring a Fibre Channel environment, use LUN Manager to set user authentication for ports between your storage system and hosts. In a Fibre Channel environment, the ports and hosts use Null DH-CHAP or CHAP (Challenge Handshake Authentication Protocol with a Null Diffie-Hellman algorithm) as the authentication method.

Note: User authentication is not supported for the CHB ports of the 4HF32R package.

User authentication is performed in a Fibre Channel environment in three phases:

  1. A host group of the storage system authenticates a host that attempts to connect (authentication of hosts).
  2. The host authenticates the connection-target host group of the storage system (authentication of host groups).
    Caution: Because the host bus adapters at present do not support this function, this authentication phase is unusable in the Fibre Channel environment.
  3. A target port of the storage system authenticates a fabric switch that attempts to connect (authentication of fabric switches).

The storage system performs user authentication by host groups. Therefore, the host groups and hosts need to have their own user information for performing user authentication.

When a host attempts to connect to the storage system, the authentication of hosts phase starts. In this phase, first it is determined whether the host group requires authentication of the host. If it does not, the host connects to the storage system without authentication. If it does, authentication is performed for the host, and when the host is authenticated successfully, processing goes on to the next phase.

After successful authentication of the host, if the host requires user authentication for the host group that is the connection target, the authentication of host groups phase starts. In this way, the host groups and hosts authenticate with each other, that is, mutual authentication. In the authentication of host groups phase, if the host does not require user authentication for the host group, the host connects to the storage system without authentication of the host group.
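The decision flow of the two host-facing phases described above, as an added example that is not part of the original documentation or of the storage system's own code. It assumes the plain CHAP response of RFC 1994 (MD5 over identifier, secret and challenge) as a stand-in for the Fibre Channel wire format; the `Party` class, `connect` function, names and secrets are hypothetical and constructed.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 section 4.1: hash of identifier octet, secret, then challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Party:
    """Hypothetical model of one side of the link (a host or a host group)."""
    def __init__(self, name, own_secret, require_peer_auth, peer_secrets=None):
        self.name = name
        self.own_secret = own_secret                # proves this party's identity
        self.require_peer_auth = require_peer_auth  # does it demand authentication?
        self.peer_secrets = peer_secrets or {}      # user information held for peers

    def respond(self, ident, challenge):
        return self.name, chap_response(ident, self.own_secret, challenge)

    def authenticate(self, peer):
        # A fresh random challenge per attempt prevents replay of old responses.
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        name, response = peer.respond(ident, challenge)
        secret = self.peer_secrets.get(name)
        if secret is None:                          # unknown user name
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(response, expected)  # constant-time compare

def connect(host, host_group):
    # Authentication of hosts: runs only if the host group requires it.
    if not host_group.require_peer_auth:
        return "connected without authentication"
    if not host_group.authenticate(host):
        return "rejected: host authentication failed"
    # Authentication of host groups: runs only if the host requires it.
    if not host.require_peer_auth:
        return "connected: host authenticated"
    if not host.authenticate(host_group):
        return "rejected: host group authentication failed"
    return "connected: mutual authentication"

def demo():
    # Constructed sample user information for one host and one host group.
    hg = Party("hg01", b"hg-secret", True, {"host01": b"host-secret"})
    good = Party("host01", b"host-secret", True, {"hg01": b"hg-secret"})
    bad = Party("host01", b"wrong-secret", False)
    open_hg = Party("hg02", b"hg-secret", False)
    return connect(good, hg), connect(bad, hg), connect(bad, open_hg)
```

The third result in `demo()` shows the case to audit for: a host group that does not require authentication admits a host whose secret would otherwise have been rejected.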

The settings for authentication of host groups are needed only when you want to perform mutual authentication. The following topics explain the settings required for user authentication.