Chapter 17. iSCSI configuration 2 - Software Initiator on Red Hat Linux 401
Draft Document for Review August 30, 2007 12:59 am 7065iSCSI_Config2.fm
represents the initiator authentication. The initiator has itself to authenticate against a
target.
Note that initiator and target CHAP secrets cannot be identical.
Incoming and outgoing usernames are limited to valid IQNs by the DS3300 as defined as
host ports.
Example 17-22 shows the /etc/iscsi.conf file with the incoming and outgoing account
details. The incoming account was configured as a local option for the target and not a
global option. Other subsystems may use a different password.
Example 17-22 Configuration of the iSCSI software initiator
HeaderDigest=always
DataDigest=always
OutgoingUsername=iqn.1987-05.com.cisco:01.5913f144a0d9
OutgoingPassword=b1234567890h
Targetname=iqn.1992-01.com.lsi:1535.00000000000000000000000000000000
Enabled=yes
IncomingUsername=iqn.1992-01.com.lsi:1535.00000000000000000000000000000000
IncomingPassword=a1234567890t
ConnFailTimeout=15
2. Shutdown the server until the DS3300 is also configured.
3. Use the Storage Manager CLI commands (set iscsiInitiator) shown in Example 17-23
to setup the CHAP secret (Challenge Handshake Authentication Protocol) for the already
defined host ports of host HOOGHLY. See Example 17-23.
Example 17-23 SMcli commands to set CHAP secrets for initiators
amazon:~ # SMcli -n DS3300 -c "set iscsiInitiator [\"Hooghly-Initiator\"]
host=\"Hooghly\" chapSecret=\"b1234567890h\"; " -S
amazon:~ #
4. Clarify if there are any initiators without target authentication configured that access the
DS3300. In that case use the command in Example 17-25 otherwise use the command
shown in Example 17-24.
Example 17-24 SMcli - set target authentication - CHAP only
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=chap chapSecret=\"a01234567890t\";" -S
amazon:~ #
Example 17-25 SMcli - set target authentication - CHAP and no CHAP
amazon:~ # SMcli -n DS3300 -c "set iscsiTarget
<\"iqn.1992-01.com.lsi:1535.00000000000000000000000000000000\">
authenticationMethod=none authenticationMethod=chap
chapSecret=\"a01234567890t\";" -S
amazon:~ #
Note: CHAP (RFC1944) is the most basic level of iSCSI security available.