Table of ContentsView in Frames

Defining an authentication method for an initiator

You can define a list of initiators and their authentication methods. You can also define a default authentication method that applies to initiators that are not on this list.

About this task

You can generate a random password or you can specify the password that you want to use.

Steps

  1. Generate a random password by entering the following command: iscsi security generate
    The storage system generates a 128-bit random password.
  2. For each initiator, enter the following command: iscsi security add -i initiator -s [chap | deny | none] [-f radius | -p inpassword -n inname] [-o outpassword -m outname]

    initiator is the initiator name in the iSCSI nodename format.

    The -s option takes one of several values:
    • chap—Authenticate using a CHAP user name and password.
    • none—The initiator can access the storage system without authentication.
    • deny—The initiator cannot access the storage system.

    radius indicates that RADIUS is used for authentication. You can use the -f option to ensure that initiator only uses RADIUS as the authentication method. If you do not use the -f option, the initiator only attempts to authenticate via RADIUS if the local CHAP authentication fails.

    inpassword is the inbound password for CHAP authentication. The storage system uses the inbound password to authenticate the initiator. An inbound password is required if you are using CHAP authentication and you are not using RADIUS.

    inname is a user name for inbound CHAP authentication. The storage system uses the inbound user name to authenticate the initiator.

    outpassword is a password for outbound CHAP authentication. It is stored locally on the storage system, which uses this password for authentication by the initiator.

    outname is a user name for outbound CHAP authentication. The storage system uses this user name for authentication by the initiator.

    Note: If you generated a random password, you can use this string for either inpassword or outpassword. If you enter a string, the storage system interprets an ASCII string as an ASCII value and a hexadecimal string, such as 0x1345, as a binary value.