You can use a third-party RADIUS server that acts as a centralized authentication service to simplify CHAP secret management. When using this method, the recommended practice is to use the default CHAP name for each initiator node. In the common case when all initiators are using the default CHAP name, you do not have to create initiator-contexts on the target.

Become superuser.
Configure the target node with the IP address and port of the RADIUS server.
The default port is 1812. This configuration is done once for all iSCSI targets on the target system.
```
# itadm modify-defaults -r <RADIUS-server-IP-address>
Enter RADIUS secret: *********
Re-enter secret: *********
```
Configure the shared secret that is used for communications between the target system and the RADIUS server.
```
# itadm modify-defaults -d
Enter RADIUS secret: *********
Re-enter secret: *********
```
Configure the target system to require RADIUS authentication.
This configuration can be done for an individual target or as a default for all targets.
```
# itadm modify-target -a radius <target-iqn>
```
Configure the RADIUS server with:
- The identity of the target node (for example, its IP address)
- The shared secret the target node uses to communicate with the RADIUS server
- The initiator CHAP name (for example, initiator iqn name) and initiator CHAP secret for each initiator that needs to be authenticated.

Where to Go Next

How to Simplify Initiator CHAP Management Using a RADIUS Server