You can use the CHAP protocol on hosts running Red Hat Enterprise Linux 5 and 6 series and SUSE Linux Enterprise Server 10 and 11 series to provide enhanced security. To set up CHAP, you must add CHAP user names and passwords to the /etc/iscsi/iscsid.conf file. To complete the setup, you must use the iscsi security command to set up the same user names and passwords on the storage system.
- Open the /etc/iscsi/iscsid.conf file with a text editor.
- Enable CHAP authentication by setting node.session.auth.authmethod to CHAP
The default is None.
node.session.auth.authmethod = CHAP
- Provide a CHAP user name and password for the target to use when authenticating the initiator. You must remove the comment indicators and supply values for the options username and password in the following configuration entries:
node.session.auth.username = username
node.session.auth.password = password
- Provide a CHAP user name and password for the initiator to use when authenticating the target. You must remove the comment indicators and supply values for the options username_in and password_in in the following configuration entries:
node.session.auth.username_in = username_in
node.session.auth.password_in = password_in
- For a successful session discovery, enable discovery CHAP authentication by supplying the passwords in the discovery.sendtargets.auth. options.
Note: The user name and password must match for both session and discovery on the host. Ensure that you use the same user names and passwords that you used when you set up CHAP on the storage system with the iscsi security command.
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = username
discovery.sendtargets.auth.password = password
discovery.sendtargets.auth.username_in = username_in
discovery.sendtargets.auth.password_in = password_in