
(iSCSI) Setting up CHAP for Red Hat Enterprise Linux 4 series

You can use the CHAP protocol on hosts running Red Hat Enterprise Linux 4 series to provide enhanced security. To set up CHAP, you need to edit the /etc/iscsi.conf file to add CHAP user names and passwords. To complete the setup, you must use the iscsi security command to set up the same user names and passwords on the storage system.

Steps

  1. Open the /etc/iscsi.conf file with a text editor.
  2. Add CHAP user names and passwords to the storage system's DiscoveryAddress section. Use a space or tab to indent the CHAP settings.
    You can set up CHAP as either unidirectional authentication or bidirectional authentication.
    • For unidirectional authentication, you should define only the OutgoingUsername and OutgoingPassword.

      Use the OutgoingUsername and OutgoingPassword for the storage system’s inbound user name and password (inname and inpassword).

    • For bidirectional authentication, you should define both sets of user names/passwords: outgoing and incoming.

      Use IncomingUsername and IncomingPassword of the host as the storage system’s outbound user name and password (outname and outpassword).

    Note: Ensure that you use the same user names and passwords when you set up CHAP on the storage system with the iscsi security command.

    If you want to configure global CHAP (that is, the same user name and password for all the targets), ensure that the CHAP settings appear before the DiscoveryAddress.

    Example
    DiscoveryAddress=192.168.10.20
          OutgoingUsername=username_out
          OutgoingPassword=password_out
          IncomingUsername=username_in
          IncomingPassword=password_in
  3. Configure the storage system as a target by adding the following line for any one iSCSI-enabled interface on each storage system that you used for iSCSI LUNs: DiscoveryAddress=storage_system_IPaddress
    storage_system_IPaddress is the IP address of an Ethernet interface on the storage system. You should specify an interface that is used for iSCSI communication.

    Example: This example specifies two targets. You now need to edit the sections under the targets to add the user names and passwords.

    DiscoveryAddress=192.168.10.100 
    DiscoveryAddress=192.168.10.20
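
The following check is an added example, not part of the original documentation: it reads the text of an iscsi.conf and reports, for each DiscoveryAddress, whether the CHAP settings are unidirectional, bidirectional, or incomplete, and flags CHAP lines that follow a DiscoveryAddress without being indented. The function names, the 192.168.10.30 address, and the treatment of lines beginning with # as comments are assumptions of this example.

```python
# Added example, not from the original documentation; names and 192.168.10.30 are constructed.
OUTGOING = {"OutgoingUsername", "OutgoingPassword"}
INCOMING = {"IncomingUsername", "IncomingPassword"}
CHAP_KEYS = OUTGOING | INCOMING

def chap_mode(keys):
    """Classify the set of CHAP keys defined in one scope."""
    if not keys:
        return "none"
    outgoing_ok = OUTGOING <= keys
    if outgoing_ok and INCOMING <= keys:
        return "bidirectional"
    if outgoing_ok and not keys & INCOMING:
        return "unidirectional"
    return "incomplete"  # half a pair, or incoming without outgoing

def audit(text):
    """Return ({scope: mode}, [problems]) for the text of an iscsi.conf."""
    scopes, current, problems = {"global": set()}, "global", []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: '#' starts a comment line; other non key=value lines are skipped.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "DiscoveryAddress":
            current = value
            scopes[current] = set()
        elif key in CHAP_KEYS:
            if current != "global" and not raw[0].isspace():
                problems.append(f"line {num}: {key} not indented under {current}")
                continue
            scopes[current].add(key)
    # A target with no CHAP keys of its own uses the global settings.
    modes = {s: chap_mode(k or scopes["global"]) for s, k in scopes.items()}
    return modes, problems

SAMPLE = """\
DiscoveryAddress=192.168.10.100
    OutgoingUsername=username_out
    OutgoingPassword=password_out
DiscoveryAddress=192.168.10.20
    OutgoingUsername=username_out
    OutgoingPassword=password_out
    IncomingUsername=username_in
DiscoveryAddress=192.168.10.30
OutgoingUsername=username_out
"""
print(audit(SAMPLE))
```

A target reported as "incomplete" or "none" when CHAP is expected is worth correcting before you set up the matching user names and passwords on the storage system.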