Setting up authentication for Linux hosts

This section provides instructions for setting up authentication for Linux® hosts.

There are two Challenge Handshake Authentication Protocol (CHAP) methods available for setting up authentication for Linux hosts.
To set up authentication for a Linux host, perform the following steps:
  1. Open /etc/iscsi/iscsid.conf or /etc/iscsid.conf using an appropriate editor.
  2. Go to the CHAP settings paragraph. The following screen shows the output:
    Figure 1. CHAP settings for a Linux host
    32
33 # *************
34 # CHAP Settings
35 # *************
36
37 # To enable CHAP authentication set node.session.auth.authmethod
38 # to CHAP. The default is None.
39 #node.session.auth.authmethod = CHAP
40
41 # To set a CHAP username and password for initiator
42 # authentication by the target(s), uncomment the following lines:
43 #node.session.auth.username = username
44 #node.session.auth.password = password
45
46 # To set a CHAP username and password for target(s)
47 # authentication by the initiator, uncomment the following lines:
48 #node.session.auth.username_in = username_in
49 #node.session.auth.password_in = password_in
50
51 # To enable CHAP authentication for a discovery session to the target
52 # set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
53 #discovery.sendtargets.auth.authmethod = CHAP
54
55 # To set a discovery session CHAP username and password for the initiator
56 # authentication by the target(s), uncomment the following lines:
57 #discovery.sendtargets.auth.username = username
58 #discovery.sendtargets.auth.password = password
59
60 # To set a discovery session CHAP username and password for target(s)
61 # authentication by the initiator, uncomment the following lines:
62 #discovery.sendtargets.auth.username_in = username_in
63 #discovery.sendtargets.auth.password_in = password_in
64
65 # ********
  3. Set up one-way authentication.
    1. Uncomment line number 39 and line number 53 in Figure 1.
      • node.session.auth.authmethod = CHAP <normal Session> I
      • discovery.sendtargets.auth.authmethod = CHAP <Discovery Session>
    2. Uncomment line number 43 and line number 57 in Figure 1. Change the username to your initiator name.
      • node.session.auth.username = iqn.sanvc.com <initiator name>
      • discovery.sendtargets.auth.username = iqn.sanvc.com <initiator name>
    3. Uncomment line number 44 and line number 58 in Figure 1. Change the password to the CHAP secret that you set up using the chhost command on the cluster for this host.
      • node.session.auth.password = <CHAP secret for host>
      • discovery.sendtargets.auth.password = <CHAP secret for host>
  4. After you have set up the one-way authentication, follow these steps to set up the two-way authentication.
    1. Uncomment line number 49 and line number 63 in Figure 1. Change the password_in to the CHAP secret that you set up using the chhost command on the cluster for this host.
      • node.session.auth.password = <CHAP secret for cluster>
      • discovery.sendtargets.auth.password_in = <CHAP secret for cluster>
    2. Save these settings.
    Notes:
    1. Do not provide a target name to any other input in line number 48 or line number 62. Do not uncomment the <username_in> parameter.
    2. The CHAP secrets cannot be the same for one-way authentication and two-way authentication.
Parent topic: Installing the Linux software iSCSI initiator
Related tasks
Configuring cluster iSCSI authentication
Configuring cluster iSCSI authentication using the CLI
Library | Support | Terms of use | Feedback
© Copyright IBM Corporation 2003, 2009. All Rights Reserved.