Configuring iSCSI-Based Authentication (Task Map)

Authentication is the process that enables a target to determine whether a connection request is truly coming from a given host. A target authenticates an initiator using the Challenge-Handshake Authentication Protocol (CHAP). CHAP authentication uses the notion of a challenge and a response. With this method, the target challenges the initiator to prove its identity. For the challenge-response method to work, the target must know the initiator's secret key and the initiator must be configured to respond to a challenge.

iSCSI supports unidirectional and bidirectional authentication.

  • Unidirectional authentication - Enables the target to authenticate the identity of the initiator. Unidirectional authentication is done on behalf of the target to authenticate the initiator.
  • Bidirectional authentication - Adds a second level of security by providing a means for the initiator to authenticate the identity of the target. Bidirectional authentication is driven from the initiator, which controls whether bidirectional authentication is performed. The only setup required for the target is that the chap-user and chap-secret must be correctly defined.
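The challenge-response exchange described above, as an added example that is not part of the original page. It models both directions with the RFC 1994 CHAP calculation over MD5, the algorithm iSCSI CHAP uses; the Node class, the login helper, the CHAP user names and the secrets are constructed for illustration and are not iscsiadm or itadm interfaces.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Node:
    """One iSCSI endpoint (hypothetical model, not a Solaris API)."""
    def __init__(self, chap_user, own_secret, peer_secrets):
        self.chap_user = chap_user        # name sent along with a response
        self.own_secret = own_secret      # secret this node proves it knows
        self.peer_secrets = peer_secrets  # chap-user -> secret of peers it verifies
        self.issued = None

    def challenge(self):
        # Fresh random identifier and challenge per login, so a captured response cannot be replayed.
        self.issued = (os.urandom(1)[0], os.urandom(16))
        return self.issued

    def respond(self, identifier, challenge):
        # Only the hash crosses the wire; the secret itself is never sent.
        return self.chap_user, chap_response(identifier, self.own_secret, challenge)

    def verify(self, peer_user, response):
        secret = self.peer_secrets.get(peer_user)
        issued, self.issued = self.issued, None  # a challenge is single use
        if secret is None or issued is None:
            return False
        return hmac.compare_digest(chap_response(issued[0], secret, issued[1]), response)

def login(initiator, target, bidirectional):
    # Unidirectional: the target challenges and the initiator must answer.
    ident, chal = target.challenge()
    if not target.verify(*initiator.respond(ident, chal)):
        return "rejected by target"
    if bidirectional:
        # Bidirectional: the initiator drives a second challenge at the target.
        ident, chal = initiator.challenge()
        if not initiator.verify(*target.respond(ident, chal)):
            return "rejected by initiator"
    return "ok"

if __name__ == "__main__":
    ini = Node("init-user", b"constructed-ini-secret", {"tgt-user": b"constructed-tgt-secret"})
    tgt = Node("tgt-user", b"constructed-tgt-secret", {"init-user": b"constructed-ini-secret"})
    print(login(ini, tgt, bidirectional=True))
```

A target whose own secret does not match what the initiator has on record passes a unidirectional login but is refused once the initiator enables bidirectional authentication.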

You can simplify CHAP secret management by using a third-party RADIUS server, which acts as a centralized authentication service. When using RADIUS, the RADIUS server stores the set of node names and matching CHAP secrets. The system performing the authentication forwards the node name of the requester and the supplied secret of the requester to the RADIUS server. The RADIUS server can confirm whether the secret is the appropriate one to authenticate the given node name. Both iSCSI and iSER support the use of a RADIUS server.

| Task | Description | Instructions |
|------|-------------|--------------|
| 1. Configure authentication on the iSCSI initiator. | Configure CHAP authentication on the iSCSI initiator. | How to Configure CHAP Authentication for an iSCSI Initiator |
| 2. Configure authentication on the iSCSI target. | Configure CHAP authentication on the iSCSI target. | How to Configure CHAP Authentication for an iSCSI Target |
| 3. (Optional) Use a RADIUS server. | Simplify CHAP management for iSCSI targets and initiators by using a RADIUS server. | How to Simplify Target CHAP Management Using a RADIUS Server; How to Simplify Initiator CHAP Management Using a RADIUS Server |

These procedures use the iscsiadm and itadm commands. For more information, see the iscsiadm(1M) and itadm(1M) man pages.

Copyright 1994-2009 Sun Microsystems, Inc.