You can use the command-line interface (CLI) to configure
the Challenge-Handshake Authentication Protocol (CHAP) to authenticate
the SAN Volume Controller cluster
to the iSCSI-attached hosts. After the CHAP is set for the cluster,
all attached hosts must be configured to authenticate this way. To
help in problem determination, this step can be delayed until after
the first one or two hosts have been configured and their connectivity
has been tested without authentication configured.
To configure authentication between the SAN Volume Controller cluster
and the iSCSI-attached hosts, follow these steps:
- To set the authentication method for the iSCSI communications
of the cluster, enter the following CLI command:
svctask chcluster -iscsiauthmethod chap -chapsecret chap_secret
where chap sets
the authentication method for the iSCSI communications of the cluster
and chap_secret sets the CHAP secret to be used
to authenticate the cluster via iSCSI. This parameter is required
if the iscsiauthmethod chap parameter is specified.
The specified CHAP secret cannot begin or end with a space.
- To clear any previously set CHAP secret for iSCSI authentication,
enter the following CLI command:
svctask chcluster -nochapsecret
The nochapsecret parameter
is not allowed if the chapsecret parameter is
specified.
- The lsiscsiauth command lists the Challenge
Handshake Authentication Protocol (CHAP) secret that is configured
for authenticating an entity to the SAN Volume Controller cluster. The command also displays the configured iSCSI authentication
method. For example, enter the following CLI command:
svcinfo lsiscsiauth
After you configure the CHAP secret for the SAN Volume Controller cluster,
ensure that the cluster CHAP secret is added to each iSCSI-attached
host. On all iSCSI-attached hosts, specify a CHAP secret that the
hosts use to authenticate to the SAN Volume Controller cluster.