For iSCSI, you can use Challenge Handshake Authentication Protocol (CHAP) to perform authentication between the initiator and target of a login request. To perform this authentication, a database of CHAP records must exist on the initiator and target. Each CHAP record can specify one name-secret pair to authenticate the initiator only (one-way CHAP) or two pairs to authenticate both the initiator and the target (mutual CHAP). For a login request from an iSCSI host to a controller iSCSI port, the host is the initiator and the controller port is the target.
During onboarding, you are prompted to enable CHAP, add new records, and edit and delete previously defined records. When CHAP is enabled and the storage system is the recipient of a login request from a known originator (initiator), the system will request a known secret. If the originator supplies the secret, the connection will be allowed.
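The following added example (not part of the original page or of the storage system's own code) models the one-way and mutual CHAP exchange described above, assuming the MD5 form of CHAP from RFC 1994, in which the secret itself is never transmitted, only a hash over the identifier, secret, and challenge. The class `ChapEndpoint`, the function `login`, and the sample names and secrets are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapEndpoint:
    """One side of a login. `records` maps a peer's CHAP name to the secret
    that peer must prove it knows (the local CHAP record database)."""

    def __init__(self, name: str, own_secret: bytes, records: dict):
        self.name, self.own_secret, self.records = name, own_secret, records

    def challenge(self):
        # Fresh identifier and random challenge per login (CHAP_I, CHAP_C).
        return os.urandom(1)[0], os.urandom(16)

    def respond(self, ident: int, challenge: bytes):
        # Only the name and the hash cross the wire (CHAP_N, CHAP_R).
        return self.name, chap_response(ident, self.own_secret, challenge)

    def verify(self, ident, challenge, peer_name, response) -> bool:
        secret = self.records.get(peer_name)
        if secret is None:  # no CHAP record for this name: reject
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

def login(initiator: ChapEndpoint, target: ChapEndpoint, mutual: bool = False) -> bool:
    # One-way CHAP: the target authenticates the initiator.
    ident, chal = target.challenge()
    if not target.verify(ident, chal, *initiator.respond(ident, chal)):
        return False
    if mutual:
        # Mutual CHAP: the initiator also authenticates the target.
        ident, chal = initiator.challenge()
        if not initiator.verify(ident, chal, *target.respond(ident, chal)):
            return False
    return True

# Constructed sample names and secrets, not values from any real system.
HOST, PORT = "iqn.2000-01.example:host1", "iqn.2000-01.example:ctrl-a0"
HOST_SECRET, PORT_SECRET = b"host-secret-0001", b"port-secret-0002"
```

A host whose record database has no entry for the controller port can still pass one-way CHAP, but mutual CHAP fails because the host cannot check the port's response.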
To enable or disable CHAP configuration settings after onboarding is complete, check or uncheck the CHAP Authentication box (Settings > iSCSI > Configuration).
Regardless of whether CHAP is enabled, you can add, delete, or edit CHAP records (Settings > iSCSI > CHAP).
CAUTION: Editing or deleting CHAP records may disrupt connectivity to the host using that record.
Special considerations apply when CHAP is used in a system with a peer connection, which is used in replication. In a peer connection, a storage system can act as the originator or recipient of a login request. If the originator has CHAP enabled but the recipient does not, the originator is able to modify the peer connection to enable CHAP on the recipient. Provided the two systems have CHAP records for one another and share the same secret, the recipient is able to authenticate the peer connection.