Account Links: Cart | Your Account | Logout

Skip to content

Red Hat Knowledgebase

Red Hat Knowledgebase Search:

Updated Within the Last:

New Solutions within the last day New Solutions within the last week New Solutions within the last month

Browse by topics:


Click to View a Topic
Red Hat Enterprise Linux > AS/ES/WS v. 4 > Issue <<  86 of 616 >>

Solution Tools:


Email a Solution Postcard Printer version Submit a comment on this answer Update notifications Request an answer Back

Article Reference

Article ID: 7885
Last update: 07-20-06
Issue:
What iSCSI security options are available in Red Hat Enterprise Linux?
Resolution:

There are two types of Challenge Handshake Authentication Protocol (CHAP) authentication available in the iSCSI initiator provided with Red Hat Enterprise Linux 3 and 4:

  1. Authentication to target (outgoing)
  2. Authentication from target (incoming)

Both types require a username/password combination on the initiator and target. Depending on the target, both methods may be usable simultaneously for bi-directional authentication. If using bi-directional authentication, outgoing and incoming usernames and passwords cannot be the same. In the /etc/iscsi.conf configuration file on the initiator, the usernames and passwords are set with these keys:

  • OutgoingUsername=<username>
  • OutgoingPassword=<password>
  • IncomingUsername=<anotherusername>
  • IncomingPassword=<anotherpassword>

These values can be set either globally or in a target specific manner. Unlike some configuration files in Linux, whitespace at the beginning of lines affects the behavior of certain strings in the /etc/iscsi.conf file. Configuration parameters that are flush with the left-hand margin are treated as global variables. Global variables affect all parameters that follow them in the configuration file, but they can be overridden by local variables. The following example illustrates how to set a global variable for all DiscoveryAddress targets in the configuration file: 

OutgoingUsername=myusername
OutgoingPassword=mypassword
DiscoveryAddress=10.10.1.125
DiscoveryAddress=10.10.1.126

The outgoing username/password combination functions as a global variable and will be used for both discovery addresses.

If a configuration parameter is indented with at least one whitespace character, that line becomes a local variable. Local variables can override global variables for lines that proceed them.

In this example, both global and local variables are set:

OutgoingUsername=myusername   #global
OutgoingPassword=mypassword   #global
DiscoveryAddress=10.10.1.125
 OutgoingUsername=anotherusername   #local
 OutgoingPassword=anotherpassword   #local
DiscoveryAddress=10.10.1.126

The local variables override the global ones, causing anotherusername and anotherpassword to be used as the authentication username and password for the first discovery address. No local variables follow the second discovery address, so it uses the globally set username/password combination of myusername and mypassword.


How well did this entry answer your question?


good wrong incomplete out of date
Red Hat Enterprise Linux > AS/ES/WS v. 4 > Issue <<   86  of  616  >>